0Access Rootkit infection


I've been trying to rid my computer of a Google redirect bug and now Malwarebytes says I have the 0Access rootkit on my PC. I ran old timer as this thread suggested http://forums.malwar...howtopic=113690 but now I am unsure what to do next. I will post the old timer logs here.

OTL logfile created on: 09-Aug-12 9:51:02 AM - Run 1

OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\DeerSlayer7600\Desktop

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy

3.97 Gb Total Physical Memory | 1.87 Gb Available Physical Memory | 47.24% Memory free

7.93 Gb Paging File | 4.28 Gb Available in Paging File | 53.98% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 291.95 Gb Total Space | 85.79 Gb Free Space | 29.39% Space Free | Partition Type: NTFS

Computer Name: HOME2 | User Name: DeerSlayer7600 | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-08-09 09:50:04 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\DeerSlayer7600\Desktop\OTL.exe

PRC - [2012-07-09 19:44:56 | 000,935,008 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe

PRC - [2012-07-09 19:44:53 | 001,107,552 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe

PRC - [2012-07-05 23:30:34 | 000,910,128 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Public Use\AppData\Local\temp\jre-6u33-windows-i586-iftw.exe

PRC - [2012-07-04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe

PRC - [2012-04-05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe

PRC - [2012-04-04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012-04-04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2012-02-14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

PRC - [2011-12-06 17:00:14 | 000,784,240 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe

PRC - [2011-12-06 17:00:14 | 000,214,896 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe

PRC - [2011-11-16 16:13:28 | 001,613,824 | ---- | M] (Mortal Universe) -- C:\Program Files (x86)\POP Peeper\POPPeeper.exe

PRC - [2011-06-06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011-02-14 14:23:50 | 000,044,736 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Care\VCService.exe

PRC - [2011-01-29 06:36:18 | 000,081,016 | ---- | M] (Sony of America Corporation) -- C:\Program Files\Sony\VAIO Care\listener.exe

PRC - [2010-05-07 11:32:02 | 000,205,168 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe

PRC - [2009-09-23 14:38:18 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

PRC - [2009-08-26 21:11:50 | 000,173,368 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe

PRC - [2009-08-26 21:11:50 | 000,033,792 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe

PRC - [2009-08-26 21:11:50 | 000,017,408 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe

PRC - [2009-08-26 21:11:48 | 000,017,920 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe

PRC - [2009-07-01 15:49:34 | 000,112,488 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe

PRC - [2009-06-04 22:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

PRC - [2009-06-04 22:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe

PRC - [2009-05-26 13:23:14 | 000,317,288 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe

========== Modules (No Company Name) ==========

MOD - [2012-07-09 19:44:58 | 000,132,704 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\SiteSafety.dll

MOD - [2012-07-09 19:44:53 | 001,107,552 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe

MOD - [2012-06-14 03:09:33 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll

MOD - [2012-06-14 03:09:08 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll

MOD - [2012-06-14 03:09:01 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll

MOD - [2012-05-09 03:24:17 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll

MOD - [2012-05-09 03:23:31 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll

MOD - [2012-05-09 03:23:26 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll

MOD - [2012-05-09 03:23:23 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll

MOD - [2012-05-09 03:23:22 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll

MOD - [2012-05-09 03:23:13 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll

MOD - [2012-04-23 18:35:09 | 000,630,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll

MOD - [2012-03-21 18:32:36 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll

MOD - [2012-01-03 22:51:03 | 003,190,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll

MOD - [2011-12-06 17:00:14 | 000,784,240 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe

MOD - [2010-11-04 21:58:14 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll

MOD - [2010-11-04 21:58:10 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll

MOD - [2010-11-04 21:58:09 | 000,385,024 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll

MOD - [2009-08-26 21:11:50 | 000,120,320 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\SonyCommonLib.dll

MOD - [2009-08-26 21:11:50 | 000,081,408 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\DevicePanel.dll

MOD - [2009-08-26 21:11:50 | 000,033,792 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe

MOD - [2009-08-26 21:11:50 | 000,027,648 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.BtPower.dll

MOD - [2009-08-26 21:11:50 | 000,023,040 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.Generic.dll

MOD - [2009-08-26 21:11:50 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\DictionaryLookup.dll

MOD - [2009-08-26 21:11:50 | 000,017,408 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe

MOD - [2009-08-26 21:11:50 | 000,015,360 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.NativeWifiThirdPartyApp.dll

MOD - [2009-08-26 21:11:50 | 000,011,264 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.TosBtThirdPartyApp.dll

MOD - [2009-08-26 21:11:50 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\DebugMsg.dll

MOD - [2009-08-26 21:11:50 | 000,007,168 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.WlanPower.dll

MOD - [2009-08-26 21:11:50 | 000,005,120 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.ThirdPartyApp.dll

MOD - [2009-08-26 21:11:50 | 000,005,120 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.Generic.dll

MOD - [2009-08-26 21:11:50 | 000,004,608 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.Power.dll

MOD - [2009-08-26 21:11:48 | 000,017,920 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe

MOD - [2009-08-26 21:11:48 | 000,015,360 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\SharedInterfaces.dll

MOD - [2009-08-26 21:11:48 | 000,011,264 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\MessageXML.dll

MOD - [2009-08-26 21:11:48 | 000,009,728 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\Resources.dll

MOD - [2009-08-26 21:11:48 | 000,005,120 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\SystemPowerDLL.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011-09-27 15:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)

SRV:64bit: - [2011-09-23 15:37:08 | 001,429,608 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Update Common\VUAgent.exe -- (VUAgent)

SRV:64bit: - [2011-02-14 14:23:50 | 000,044,736 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Care\VCService.exe -- (VCService)

SRV:64bit: - [2011-01-29 06:36:18 | 000,259,192 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector)

SRV:64bit: - [2010-09-22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV:64bit: - [2009-09-21 17:24:40 | 001,420,560 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)

SRV:64bit: - [2009-09-21 17:00:44 | 000,831,760 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)

SRV:64bit: - [2009-08-22 18:19:06 | 000,411,496 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)

SRV:64bit: - [2009-07-27 16:22:02 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2009-07-24 00:34:31 | 000,189,984 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe -- (RtkAudioService)

SRV:64bit: - [2009-07-13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009-07-13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV:64bit: - [2009-07-01 21:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)

SRV - [2012-07-28 17:33:39 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012-07-09 19:44:56 | 000,935,008 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe -- (vToolbarUpdater11.2.0)

SRV - [2012-07-04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)

SRV - [2012-04-04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012-02-14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)

SRV - [2011-12-08 17:29:37 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2011-12-06 17:00:14 | 000,214,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)

SRV - [2011-07-26 10:16:02 | 001,025,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)

SRV - [2011-06-06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2010-05-07 11:32:02 | 000,205,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)

SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010-03-18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)

SRV - [2009-09-23 14:38:18 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)

SRV - [2009-06-26 15:25:36 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10)

SRV - [2009-06-26 15:25:24 | 000,313,840 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10)

SRV - [2009-06-10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009-06-04 22:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012-04-19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)

DRV:64bit: - [2012-04-04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2012-03-19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)

DRV:64bit: - [2012-03-01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012-02-22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)

DRV:64bit: - [2012-01-31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)

DRV:64bit: - [2011-12-23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)

DRV:64bit: - [2011-12-23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)

DRV:64bit: - [2011-12-23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)

DRV:64bit: - [2011-09-02 02:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)

DRV:64bit: - [2011-09-02 02:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)

DRV:64bit: - [2011-04-05 17:35:20 | 000,253,528 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SbFw.sys -- (SbFw)

DRV:64bit: - [2011-04-05 17:35:20 | 000,094,296 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\sbtis.sys -- (SbTis)

DRV:64bit: - [2011-04-05 17:35:20 | 000,060,504 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbhips.sys -- (sbhips)

DRV:64bit: - [2011-03-11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011-03-11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011-03-04 15:44:12 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)

DRV:64bit: - [2011-02-14 12:57:37 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)

DRV:64bit: - [2011-02-08 09:14:20 | 000,084,568 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCLMP)

DRV:64bit: - [2011-02-08 09:14:20 | 000,084,568 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCL)

DRV:64bit: - [2011-01-01 10:12:24 | 000,097,040 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)

DRV:64bit: - [2010-11-20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010-11-20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010-11-20 05:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2010-06-17 10:04:04 | 000,014,848 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBTUSB.sys -- (VBTUSB)

DRV:64bit: - [2010-04-14 01:01:44 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)

DRV:64bit: - [2010-02-03 15:56:56 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)

DRV:64bit: - [2009-12-29 22:16:50 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)

DRV:64bit: - [2009-12-21 15:34:24 | 000,046,112 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tbhsd.sys -- (tbhsd)

DRV:64bit: - [2009-09-15 13:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)

DRV:64bit: - [2009-08-13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)

DRV:64bit: - [2009-08-03 16:14:11 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)

DRV:64bit: - [2009-08-03 16:14:10 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)

DRV:64bit: - [2009-08-03 16:14:10 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)

DRV:64bit: - [2009-08-03 16:13:42 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)

DRV:64bit: - [2009-08-03 16:06:34 | 000,250,928 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)

DRV:64bit: - [2009-07-31 16:14:14 | 000,076,288 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsn64.sys -- (risdptsk)

DRV:64bit: - [2009-07-31 16:13:51 | 000,086,528 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssn64.sys -- (rimsptsk)

DRV:64bit: - [2009-07-27 16:22:05 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)

DRV:64bit: - [2009-07-24 01:12:53 | 000,201,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)

DRV:64bit: - [2009-07-13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009-07-13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009-07-13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009-07-13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)

DRV:64bit: - [2009-06-11 16:19:09 | 000,011,392 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)

DRV:64bit: - [2009-06-10 16:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)

DRV:64bit: - [2009-06-10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009-06-10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009-06-10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009-06-10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009-06-05 16:04:10 | 005,435,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5v64.sys -- (netw5v64)

DRV:64bit: - [2009-06-04 21:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2008-04-16 14:49:34 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)

DRV - [2009-07-13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

DRV - [2005-03-09 20:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\libusb0.sys -- (libusb0)

DRV - [2003-04-19 03:32:04 | 000,004,736 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\tandpl.sys -- (tandpl)

DRV - [2003-03-02 20:44:26 | 000,007,552 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\enodpl.sys -- (enodpl)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}: "URL" = http://search.imgag.com/?appid=wsdt&component=&c=GNWSO38311&sbs=2&sc=2&f=web&vernum=3.1.5.7613&uid=&did=%7bfad5a08a-1702-48bf-aec4-1025d7f7ac2c%7d&q={searchTerms}

IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNNT

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2819605077-4113226334-3711507615-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\S-1-5-21-2819605077-4113226334-3711507615-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}

IE - HKU\S-1-5-21-2819605077-4113226334-3711507615-1000\..\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}: "URL" = http://vshare.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp

IE - HKU\S-1-5-21-2819605077-4113226334-3711507615-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-2819605077-4113226334-3711507615-1000\..\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}: "URL" = http://search.imgag.com/?appid=wsdt&component=&c=GNWSO38311&sbs=2&sc=2&f=web&vernum=3.1.5.7613&uid=&did=%7bfad5a08a-1702-48bf-aec4-1025d7f7ac2c%7d&q={searchTerms}

IE - HKU\S-1-5-21-2819605077-4113226334-3711507615-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNNT_enUS358US358

IE - HKU\S-1-5-21-2819605077-4113226334-3711507615-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\S-1-5-21-2819605077-4113226334-3711507615-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={B2E813D3-D722-4454-8969-CB5FF1CEDAD2}&mid=8403a5bc1d23967878af50fea080aac3-1eee031d26d3e143efb460d64f2d0a0c046c72b8&lang=en&ds=AVG&pr=fr&d=2012-05-01 01:10:46&v=11.0.0.9&sap=dsp&q={searchTerms}

IE - HKU\S-1-5-21-2819605077-4113226334-3711507615-1000\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search?q={searchTerms}

IE - HKU\S-1-5-21-2819605077-4113226334-3711507615-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2819605077-4113226334-3711507615-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT

IE - HKU\S-1-5-21-2819605077-4113226334-3711507615-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT

IE - HKU\S-1-5-21-2819605077-4113226334-3711507615-1003\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKU\S-1-5-21-2819605077-4113226334-3711507615-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-2819605077-4113226334-3711507615-1003\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={B2E813D3-D722-4454-8969-CB5FF1CEDAD2}&mid=8403a5bc1d23967878af50fea080aac3-1eee031d26d3e143efb460d64f2d0a0c046c72b8&lang=en&ds=AVG&pr=fr&d=2012-05-01 01:10:46&v=11.1.0.7&sap=dsp&q={searchTerms}

IE - HKU\S-1-5-21-2819605077-4113226334-3711507615-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://www.weather.com/"

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5

FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: tineye@ideeinc.com:1.1

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:3.3.3.2

FF - prefs.js..extensions.enabledItems: SkipScreen@SkipScreen:0.5.21amo

FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:4.3.5

FF - prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.2

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209

FF - prefs.js..extensions.enabledItems: {de5809e0-2b07-11dd-bd0b-0800200c9a66}:1.2.0

FF - prefs.js..extensions.enabledItems: redshift_V2@shift-themes.com:3.6

FF - prefs.js..extensions.enabledItems: {080955ad-b8bb-4500-806f-d2b9ad73d72e}:1.8.71

FF - prefs.js..keyword.URL: "http://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q="

FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@t-immersion.com/DFusionHomeWebPlugIn: C:\Program Files (x86)\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll (Total Immersion)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\DeerSlayer7600\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )

FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\DeerSlayer7600\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )

FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\DeerSlayer7600\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found

FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.8.1: C:\Users\DeerSlayer7600\AppData\Local\Yahoo!\BrowserPlus\2.8.1\Plugins\npybrowserplus_2.8.1.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012-07-23 08:58:52 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\9.0.0.18\ [2011-11-22 11:52:59 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012-07-22 19:26:33 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-07-28 17:33:39 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011-12-29 19:33:39 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{81ECCB38-C96F-11E1-8270-B8AC6F996F26}: C:\Users\DeerSlayer7600\AppData\Local\{81ECCB38-C96F-11E1-8270-B8AC6F996F26}\ [2012-07-08 22:40:59 | 000,000,000 | ---D | M]

[2009-12-09 17:27:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DeerSlayer7600\AppData\Roaming\Mozilla\Extensions

[2012-08-02 12:43:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DeerSlayer7600\AppData\Roaming\Mozilla\Firefox\Profiles\cvh7xht7.default\extensions

[2012-03-30 10:05:49 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\DeerSlayer7600\AppData\Roaming\Mozilla\Firefox\Profiles\cvh7xht7.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2010-04-08 19:57:04 | 000,000,000 | ---D | M] (Gradient iCool) -- C:\Users\DeerSlayer7600\AppData\Roaming\Mozilla\Firefox\Profiles\cvh7xht7.default\extensions\{de5809e0-2b07-11dd-bd0b-0800200c9a66}

[2012-08-02 12:43:49 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\DeerSlayer7600\AppData\Roaming\Mozilla\Firefox\Profiles\cvh7xht7.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

[2012-06-24 22:41:50 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Users\DeerSlayer7600\AppData\Roaming\Mozilla\Firefox\Profiles\cvh7xht7.default\extensions\OneClickDownload@OneClickDownload.com

[2010-11-19 18:02:11 | 000,000,000 | ---D | M] (RedShift V3.6) -- C:\Users\DeerSlayer7600\AppData\Roaming\Mozilla\Firefox\Profiles\cvh7xht7.default\extensions\redshift_V2@shift-themes.com

[2011-02-18 11:28:37 | 000,000,000 | ---D | M] (TinEye Reverse Image Search) -- C:\Users\DeerSlayer7600\AppData\Roaming\Mozilla\Firefox\Profiles\cvh7xht7.default\extensions\tineye@ideeinc.com

[2012-08-05 10:55:06 | 000,005,758 | ---- | M] () -- C:\Users\DeerSlayer7600\AppData\Roaming\Mozilla\Firefox\Profiles\cvh7xht7.default\searchplugins\best-buy.xml

[2009-12-29 22:17:58 | 000,002,055 | ---- | M] () -- C:\Users\DeerSlayer7600\AppData\Roaming\Mozilla\Firefox\Profiles\cvh7xht7.default\searchplugins\daemon-search.xml

[2012-08-05 10:55:06 | 000,005,539 | ---- | M] () -- C:\Users\DeerSlayer7600\AppData\Roaming\Mozilla\Firefox\Profiles\cvh7xht7.default\searchplugins\gunbrokercom.xml

[2012-08-05 10:55:06 | 000,001,423 | ---- | M] () -- C:\Users\DeerSlayer7600\AppData\Roaming\Mozilla\Firefox\Profiles\cvh7xht7.default\searchplugins\gunsamerica.xml

[2012-08-05 10:55:06 | 000,002,537 | ---- | M] () -- C:\Users\DeerSlayer7600\AppData\Roaming\Mozilla\Firefox\Profiles\cvh7xht7.default\searchplugins\imdb.xml

[2012-08-05 10:55:06 | 000,004,207 | ---- | M] () -- C:\Users\DeerSlayer7600\AppData\Roaming\Mozilla\Firefox\Profiles\cvh7xht7.default\searchplugins\newegg.xml

[2012-08-05 10:55:06 | 000,002,581 | ---- | M] () -- C:\Users\DeerSlayer7600\AppData\Roaming\Mozilla\Firefox\Profiles\cvh7xht7.default\searchplugins\sportsmans-guide.xml

[2012-08-05 10:55:06 | 000,001,844 | ---- | M] () -- C:\Users\DeerSlayer7600\AppData\Roaming\Mozilla\Firefox\Profiles\cvh7xht7.default\searchplugins\tiger-direct.xml

[2012-08-05 10:55:06 | 000,002,641 | ---- | M] () -- C:\Users\DeerSlayer7600\AppData\Roaming\Mozilla\Firefox\Profiles\cvh7xht7.default\searchplugins\wal-mart.xml

[2012-08-05 10:55:06 | 000,002,385 | ---- | M] () -- C:\Users\DeerSlayer7600\AppData\Roaming\Mozilla\Firefox\Profiles\cvh7xht7.default\searchplugins\youtube.xml

[2012-04-28 17:28:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012-07-22 19:26:33 | 000,000,000 | ---D | M] (AVG Do Not Track) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX\DONOTTRACK

[2012-07-08 22:40:59 | 000,000,000 | ---D | M] (Mozilla Safe Browsing) -- C:\USERS\DEERSLAYER7600\APPDATA\LOCAL\{81ECCB38-C96F-11E1-8270-B8AC6F996F26}

[2012-02-22 10:15:48 | 000,072,222 | ---- | M] () (No name found) -- C:\USERS\DEERSLAYER7600\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CVH7XHT7.DEFAULT\EXTENSIONS\SKIPSCREEN@SKIPSCREEN.XPI

[2012-07-27 12:40:42 | 000,324,456 | ---- | M] () (No name found) -- C:\USERS\DEERSLAYER7600\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CVH7XHT7.DEFAULT\EXTENSIONS\SMARTERWIKI@WIKIATIC.COM.XPI

[2012-07-28 17:33:39 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012-04-07 20:19:31 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2009-09-23 07:23:24 | 001,916,928 | ---- | M] (Total Immersion) -- C:\Program Files (x86)\mozilla firefox\plugins\NPDFusionWebFirefox.dll

[2011-12-09 13:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll

[2012-07-09 19:44:53 | 000,003,767 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml

[2012-07-28 17:33:37 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012-07-28 17:33:37 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: AVG Secure Search (Enabled)

CHR - default_search_provider: search_url = http://isearch.avg.com/search?cid={B2E813D3-D722-4454-8969-CB5FF1CEDAD2}&mid=8403a5bc1d23967878af50fea080aac3-1eee031d26d3e143efb460d64f2d0a0c046c72b8&lang=en&ds=AVG&pr=fr&d=2011-12-14 21:03:20&v=10.0.0.7&sap=dsp&q={searchTerms}

CHR - default_search_provider: suggest_url = http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding}

CHR - homepage: http://www.google.com/

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\DeerSlayer7600\AppData\Local\Google\Chrome\Application\17.0.963.79\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll

CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U27 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll

CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll

CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll

CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\DeerSlayer7600\AppData\Local\Google\Chrome\Application\17.0.963.79\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\DeerSlayer7600\AppData\Local\Google\Chrome\Application\17.0.963.79\pdf.dll

CHR - plugin: AVG Internet Security (Enabled) = C:\Users\DeerSlayer7600\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1804_0\plugins/avgnpss.dll

CHR - plugin: D'Fusion @Home Web Plug-In (2.10.8658) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPDFusionWebFirefox.dll

CHR - plugin: downloadUpdater (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll

CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll

CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\DeerSlayer7600\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll

CHR - plugin: BrowserPlus (from Yahoo!) v2.8.1 (Enabled) = C:\Users\DeerSlayer7600\AppData\Local\Yahoo!\BrowserPlus\2.8.1\Plugins\npybrowserplus_2.8.1.dll

CHR - plugin: Facebook Plugin (Enabled) = C:\Users\DeerSlayer7600\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll

CHR - plugin: Facebook Plugin (Enabled) = C:\Users\DeerSlayer7600\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: YouTube = C:\Users\DeerSlayer7600\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Adblock Plus (Beta) = C:\Users\DeerSlayer7600\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\

CHR - Extension: Google Search = C:\Users\DeerSlayer7600\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\

CHR - Extension: TinEye Reverse Image Search = C:\Users\DeerSlayer7600\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl\1.1.1_0\

CHR - Extension: AVG Safe Search = C:\Users\DeerSlayer7600\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\

CHR - Extension: Metallica = C:\Users\DeerSlayer7600\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocmladbiokkiogkhlijcbfjpnomnhpoc\3.0_0\

CHR - Extension: Gmail = C:\Users\DeerSlayer7600\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012-07-25 13:32:28 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)

O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()

O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found

O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()

O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

O3 - HKLM\..\Toolbar: (TextAloud) - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\Program Files (x86)\TextAloud\TAForIE.dll ()

O3:64bit: - HKU\S-1-5-21-2819605077-4113226334-3711507615-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found

O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)

O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)

O4:64bit: - HKLM..\Run: [iAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [iSBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [smartWiHelper] C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe (Sony Electronics Corporation)

O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()

O4 - HKU\S-1-5-21-2819605077-4113226334-3711507615-1000..\Run: [POP Peeper] C:\Program Files (x86)\POP Peeper\POPPeeper.exe (Mortal Universe)

O4 - HKU\S-1-5-21-2819605077-4113226334-3711507615-1000..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found

O4 - HKU\S-1-5-21-2819605077-4113226334-3711507615-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_265_Plugin.exe (Adobe Systems Incorporated)

O4 - HKU\S-1-5-21-2819605077-4113226334-3711507615-1003..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_265_Plugin.exe (Adobe Systems Incorporated)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-2819605077-4113226334-3711507615-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-2819605077-4113226334-3711507615-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-2819605077-4113226334-3711507615-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\S-1-5-21-2819605077-4113226334-3711507615-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2

O7 - HKU\S-1-5-21-2819605077-4113226334-3711507615-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1

O7 - HKU\S-1-5-21-2819605077-4113226334-3711507615-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-2819605077-4113226334-3711507615-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-2819605077-4113226334-3711507615-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2

O7 - HKU\S-1-5-21-2819605077-4113226334-3711507615-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1

O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found

O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found

O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)

O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)

O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)

O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)

O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)

O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)

O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)

O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)

O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)

O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)

O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )

O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )

O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )

O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )

O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )

O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )

O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )

O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )

O15 - HKU\S-1-5-21-2819605077-4113226334-3711507615-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)

O15 - HKU\S-1-5-21-2819605077-4113226334-3711507615-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)

O15 - HKU\S-1-5-21-2819605077-4113226334-3711507615-1000\..Trusted Domains: soe.com ([]* in Trusted sites)

O15 - HKU\S-1-5-21-2819605077-4113226334-3711507615-1000\..Trusted Domains: sony.com ([]* in Trusted sites)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F158A689-5F56-4735-95DB-B1B7F0E2835A}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F158A689-5F56-4735-95DB-B1B7F0E2835A}: NameServer = 209.18.47.61,209.18.47.62

O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)

O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)

O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012-08-09 09:50:03 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\DeerSlayer7600\Desktop\OTL.exe

[2012-08-03 13:07:32 | 000,000,000 | ---D | C] -- C:\Users\DeerSlayer7600\Documents\My Kindle Content

[2012-08-03 13:07:20 | 000,000,000 | ---D | C] -- C:\Users\DeerSlayer7600\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon

[2012-08-03 13:07:20 | 000,000,000 | ---D | C] -- C:\Users\DeerSlayer7600\AppData\Local\Amazon

[2012-08-03 13:07:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon

[2012-07-29 16:15:39 | 000,000,000 | ---D | C] -- C:\Users\DeerSlayer7600\AppData\Local\{656E96BC-FAE3-4552-A6A6-717D646199CF}

[2012-07-29 16:15:27 | 000,000,000 | ---D | C] -- C:\Users\DeerSlayer7600\AppData\Local\{F6C00431-C170-4DB1-B576-8EFDE53C6D9E}

[2012-07-28 21:37:50 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro

[2012-07-28 21:37:39 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro

[2012-07-28 20:39:18 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2012-07-28 20:34:15 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2012-07-25 13:14:11 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012-07-25 13:14:11 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012-07-25 13:14:11 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012-07-25 13:13:44 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2012-07-25 01:40:39 | 004,719,842 | R--- | C] (Swearware) -- C:\Users\DeerSlayer7600\Desktop\ComboFix.exe

[2012-07-23 08:58:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

[2012-07-22 18:19:24 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012-07-14 17:21:56 | 000,000,000 | ---D | C] -- C:\Users\DeerSlayer7600\AppData\Roaming\Awesomium

[2011-05-08 01:37:25 | 002,529,280 | ---- | C] (Marius Bancila) -- C:\Users\DeerSlayer7600\Alchemy.exe

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-08-09 09:50:04 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\DeerSlayer7600\Desktop\OTL.exe

[2012-08-09 09:35:01 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012-08-09 08:35:40 | 103,289,042 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm

[2012-08-08 20:35:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012-08-06 15:39:02 | 000,014,160 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012-08-06 15:39:02 | 000,014,160 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012-08-03 13:07:23 | 000,002,005 | ---- | M] () -- C:\Users\DeerSlayer7600\Desktop\Kindle.lnk

[2012-08-01 18:05:38 | 000,417,476 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm

[2012-07-31 01:02:50 | 000,412,496 | ---- | M] () -- C:\test.xml

[2012-07-28 20:38:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012-07-28 20:38:35 | 3195,289,600 | -HS- | M] () -- C:\hiberfil.sys

[2012-07-28 19:46:25 | 004,719,842 | R--- | M] (Swearware) -- C:\Users\DeerSlayer7600\Desktop\ComboFix.exe

[2012-07-28 17:33:49 | 000,002,055 | ---- | M] () -- C:\Users\DeerSlayer7600\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2012-07-26 12:47:04 | 000,029,946 | ---- | M] () -- C:\Users\DeerSlayer7600\Desktop\292434_3486530411112_110076645_n.jpg

[2012-07-25 13:32:28 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2012-07-23 08:58:53 | 000,000,972 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk

[2012-07-22 21:38:49 | 000,300,872 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-08-03 13:07:23 | 000,002,005 | ---- | C] () -- C:\Users\DeerSlayer7600\Desktop\Kindle.lnk

[2012-07-26 12:47:02 | 000,029,946 | ---- | C] () -- C:\Users\DeerSlayer7600\Desktop\292434_3486530411112_110076645_n.jpg

[2012-07-25 13:14:11 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012-07-25 13:14:11 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012-07-25 13:14:11 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012-07-25 13:14:11 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012-07-25 13:14:11 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012-07-08 13:12:34 | 000,006,183 | ---- | C] () -- C:\Windows\wininit.ini

[2012-06-23 22:05:11 | 000,000,241 | ---- | C] () -- C:\Users\DeerSlayer7600\AppData\Roaming\GPU Meter_Settings.ini

[2012-04-01 15:44:44 | 000,000,128 | ---- | C] () -- C:\Users\DeerSlayer7600\AppData\Roaming\Earthquakes Meter_Settings.ini

[2011-12-30 23:36:42 | 000,230,599 | ---- | C] () -- C:\Users\DeerSlayer7600\error notice.jpg

[2011-11-17 12:05:20 | 000,004,736 | ---- | C] () -- C:\Windows\SysWow64\drivers\tandpl.sys

[2011-11-17 12:05:17 | 000,007,552 | ---- | C] () -- C:\Windows\SysWow64\drivers\enodpl.sys

[2011-10-21 11:37:01 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll

[2011-10-12 13:16:19 | 000,000,412 | ---- | C] () -- C:\Users\DeerSlayer7600\AppData\Roaming\All CPU Meter_Settings.ini

[2011-06-12 12:57:17 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\drivers\libusb0.sys

[2011-06-01 13:58:11 | 000,000,353 | ---- | C] () -- C:\Users\DeerSlayer7600\AppData\Roaming\Network Meter_Settings.ini

[2011-06-01 13:56:42 | 000,000,166 | ---- | C] () -- C:\Users\DeerSlayer7600\AppData\Roaming\Battery Meter_Settings.ini

[2011-05-22 12:14:12 | 000,000,141 | ---- | C] () -- C:\Users\DeerSlayer7600\DeerSlayer7600.aus

[2011-05-08 00:42:53 | 000,002,833 | ---- | C] () -- C:\Users\DeerSlayer7600\1.aus

[2011-04-24 21:22:29 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat

[2011-04-24 21:22:29 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat

[2010-07-31 00:38:17 | 000,000,000 | ---- | C] () -- C:\Users\DeerSlayer7600\AppData\Local\prvlcl.dat

[2010-07-09 14:18:24 | 000,001,318 | ---- | C] () -- C:\Users\DeerSlayer7600\Downloads - Shortcut.lnk

[2010-03-27 01:42:28 | 000,000,000 | ---- | C] () -- C:\Users\DeerSlayer7600\AppData\Roaming\downloads.m3u

[2010-02-22 18:38:02 | 000,000,170 | ---- | C] () -- C:\Users\DeerSlayer7600\AppData\Roaming\default.rss

[2009-12-30 16:30:48 | 000,001,024 | ---- | C] () -- C:\Users\DeerSlayer7600\.rnd

[2009-12-28 19:54:11 | 000,000,632 | RHS- | C] () -- C:\Users\DeerSlayer7600\ntuser.pol

[2009-12-19 14:06:08 | 000,000,218 | ---- | C] () -- C:\Users\DeerSlayer7600\.recently-used.xbel

[2009-12-10 22:09:26 | 000,000,017 | ---- | C] () -- C:\Users\DeerSlayer7600\AppData\Local\resmon.resmoncfg

========== LOP Check ==========

[2009-12-19 14:06:08 | 000,000,000 | ---D | M] -- C:\Users\DeerSlayer7600\AppData\Roaming\.purple

[2009-12-19 14:07:17 | 000,000,000 | ---D | M] -- C:\Users\DeerSlayer7600\AppData\Roaming\acccore

[2011-04-22 13:10:06 | 000,000,000 | ---D | M] -- C:\Users\DeerSlayer7600\AppData\Roaming\Apowersoft

[2009-12-29 23:04:58 | 000,000,000 | ---D | M] -- C:\Users\DeerSlayer7600\AppData\Roaming\Atari

[2010-01-08 17:06:58 | 000,000,000 | ---D | M] -- C:\Users\DeerSlayer7600\AppData\Roaming\Auslogics

[2011-09-05 12:10:50 | 000,000,000 | ---D | M] -- C:\Users\DeerSlayer7600\AppData\Roaming\AVG2012

[2012-07-29 21:28:23 | 000,000,000 | ---D | M] -- C:\Users\DeerSlayer7600\AppData\Roaming\Awesomium

[2010-08-09 18:45:59 | 000,000,000 | ---D | M] -- C:\Users\DeerSlayer7600\AppData\Roaming\COWON

[2011-08-20 20:21:06 | 000,000,000 | ---D | M] -- C:\Users\DeerSlayer7600\AppData\Roaming\DAEMON Tools Lite

[2010-03-03 17:43:16 | 000,000,000 | ---D | M] -- C:\Users\DeerSlayer7600\AppData\Roaming\Facebook

[2010-02-12 21:06:19 | 000,000,000 | ---D | M] -- C:\Users\DeerSlayer7600\AppData\Roaming\fofix

[2009-12-19 14:01:16 | 000,000,000 | ---D | M] -- C:\Users\DeerSlayer7600\AppData\Roaming\gtk-2.0

[2009-12-29 20:12:02 | 000,000,000 | ---D | M] -- C:\Users\DeerSlayer7600\AppData\Roaming\Leadertech

[2012-01-08 02:42:58 | 000,000,000 | ---D | M] -- C:\Users\DeerSlayer7600\AppData\Roaming\Motorola

[2009-12-11 20:23:59 | 000,000,000 | ---D | M] -- C:\Users\DeerSlayer7600\AppData\Roaming\OpenOffice.org

[2012-07-26 14:01:19 | 000,000,000 | ---D | M] -- C:\Users\DeerSlayer7600\AppData\Roaming\POP Peeper

[2010-07-03 02:42:57 | 000,000,000 | ---D | M] -- C:\Users\DeerSlayer7600\AppData\Roaming\Subversion

[2011-12-20 19:07:26 | 000,000,000 | ---D | M] -- C:\Users\DeerSlayer7600\AppData\Roaming\SystemRequirementsLab

[2009-12-25 15:39:55 | 000,000,000 | ---D | M] -- C:\Users\DeerSlayer7600\AppData\Roaming\Total Immersion

[2009-12-09 18:34:25 | 000,000,000 | ---D | M] -- C:\Users\DeerSlayer7600\AppData\Roaming\Webshots

[2011-09-05 12:10:51 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\AVG2012

[2010-07-29 21:04:51 | 000,000,000 | ---D | M] -- C:\Users\Public Use\AppData\Roaming\acccore

[2011-09-05 12:10:51 | 000,000,000 | ---D | M] -- C:\Users\Public Use\AppData\Roaming\AVG2012

[2012-05-29 21:22:42 | 000,000,000 | ---D | M] -- C:\Users\Public Use\AppData\Roaming\Motorola

[2011-02-02 18:50:30 | 000,000,000 | ---D | M] -- C:\Users\Public Use\AppData\Roaming\Subversion

[2012-05-01 01:52:01 | 000,032,602 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:8CE646EE

< End of report >


OTL Extras logfile created on: 09-Aug-12 9:51:02 AM - Run 1

OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\DeerSlayer7600\Desktop

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy

3.97 Gb Total Physical Memory | 1.87 Gb Available Physical Memory | 47.24% Memory free

7.93 Gb Paging File | 4.28 Gb Available in Paging File | 53.98% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 291.95 Gb Total Space | 85.79 Gb Free Space | 29.39% Space Free | Partition Type: NTFS

Computer Name: HOME2 | User Name: DeerSlayer7600 | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = ChromeHTML] -- Reg Error: Key error. File not found

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-2819605077-4113226334-3711507615-1000\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-2819605077-4113226334-3711507615-1003\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"

inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)

Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)

Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)

Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)

Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{05283914-7999-4007-AB61-AF2072FF9A1C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{08963E76-A2C5-43C6-990F-C236916ACE52}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{0B012165-2B62-401D-8CE4-EA8914FE762E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{237BB27B-70FC-494E-A7BD-0F95257401DA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{23ACFC6B-6FD8-41AF-BD30-7632D5F22C54}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{248F76AD-2CE2-4B90-B81B-8AA93E83DC2D}" = lport=34987 | protocol=6 | dir=in | name=rise2 |

"{2DB82D46-DE60-4104-9F7E-1CDEDA8F3D93}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{32710401-C5E4-4C28-9511-E1D4AC265CFF}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{33B0D36E-9965-44D6-B715-B997896D9DC7}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{4E142254-AEA9-4F0A-93EC-C4F7487F05D4}" = rport=34987 | protocol=17 | dir=out | name=rise1 |

"{5236E6A5-8C54-4C9C-8623-CE73A393CFEC}" = lport=34987 | protocol=17 | dir=in | name=rise1 |

"{57D72979-8185-447B-94B7-13850B4D7B22}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{598CF26E-1346-4C00-839F-2E03B5A4E8B1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{6E4CA738-8A60-4E15-8008-22BE4153F238}" = rport=137 | protocol=17 | dir=out | app=system |

"{82A609FA-E213-48F9-B895-E7DA80A12991}" = rport=10243 | protocol=6 | dir=out | app=system |

"{840B994C-DFFC-40FA-8322-A3FE9182232D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{8A2094B0-3407-43E7-A97C-3BE515DB4BF5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{8F2CE4A7-1FEB-4926-8A82-19EF19DD8F96}" = lport=445 | protocol=6 | dir=in | app=system |

"{9495DBB0-8417-4B29-AD39-7D1136CC8130}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{9BEC0045-9A28-45C8-A7C8-F0307541B4EC}" = rport=138 | protocol=17 | dir=out | app=system |

"{A34A1BE4-7305-4D3A-96DA-DBC5C2F15822}" = rport=445 | protocol=6 | dir=out | app=system |

"{B2355AE9-1B9B-44E7-85B8-3181B30A79B7}" = lport=137 | protocol=17 | dir=in | app=system |

"{BBD3C655-1D30-43F9-8E31-EEC8C89924E7}" = rport=139 | protocol=6 | dir=out | app=system |

"{C0E00BB9-F9C9-4B40-9A4E-8C2AFE2DE71D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{C7818EF2-6A9D-412B-95D3-60C990B860CA}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{C83F2712-ED91-4C10-B601-F5C6516957F3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{CE090643-EFBF-46A9-A565-B012FAC192ED}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{D2146F4B-FC8C-432D-87B9-5E010B39DA54}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{D2FEB001-7A56-4EEE-81DA-2ABB03FC0E49}" = lport=138 | protocol=17 | dir=in | app=system |

"{D79DFAD6-4267-4DB6-9A36-7E4E08329A67}" = rport=34987 | protocol=6 | dir=out | name=rise2 |

"{DEC62D14-8B94-4053-B068-DC17A2BFDBBF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{DF365522-4F3B-4B40-97D8-0549E80C10D2}" = lport=10243 | protocol=6 | dir=in | app=system |

"{E2277B07-6F21-445B-866D-2E6D63FC3516}" = lport=2869 | protocol=6 | dir=in | app=system |

"{E2C7DF92-8BC7-4BB8-AA96-B680EEFEC5CB}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{F319D2CC-23AA-4EAC-A6DC-06F79951876E}" = lport=139 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{00954F10-7396-4BCA-917E-729A0A35B3C2}" = protocol=6 | dir=in | app=c:\program files (x86)\lavasoft\ad-aware\ad-aware.exe |

"{009CEE60-E9A6-4F41-89BB-DB558D810B60}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dc universe online\launchpad.exe |

"{01E035DC-B14A-4783-80E1-1F527B1AEA3C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe |

"{046322C3-88FB-4342-83EB-7245E6E85D65}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{04877C8B-0E5A-49E9-AF65-EFDDD08561ED}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{0532C875-8F05-4CBD-B479-74F626C35768}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{05F1C92B-ADE5-48C6-9FFE-8170AE579006}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |

"{0658BCBC-CA87-4F84-87D3-9A965D6C747E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{074C4B13-5A65-4965-965F-63DF9EA6CF35}" = dir=out | app=%programfiles% (x86)\steam\steamapps\deerslayer7600\garrysmod\hl2.exe |

"{091C76E7-AD21-40E1-A3DF-9914D26AB6CC}" = protocol=6 | dir=in | app=c:\program files\valve\garry's mod\hl2.exe |

"{09D85BDE-6345-4EFF-8D7E-1856A3602F8D}" = dir=out | app=%programfiles% (x86)\nero\nero 9\nero rescueagent\nerorescueagent.exe |

"{0A479514-2E33-4764-A001-A5655DF3E8E3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{0B1C4C57-067E-4C47-8AA9-84065671C8E8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\demolition company\game.exe |

"{0C408B0B-5E1C-47AE-A3C3-4D87ACB0D27F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |

"{0D1889C8-CB94-4E1E-8C94-2E3DD8A6644E}" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |

"{0D5B7EC4-28B6-4C0F-ABBE-1F186DABFD7D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |

"{0F6FBC61-B55F-4B65-ABA3-2B5D8FC1C1E9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\deerslayer7600\garrysmod\hl2.exe |

"{1037C2ED-8302-4581-8FF6-015A2A98E348}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{1138E106-BC80-4A81-A6CC-482DCCE34F62}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{14248DD3-B2E8-4991-B529-9D9F9C2D398C}" = dir=out | app=%programfiles% (x86)\nero\nero 9\nero burnrights\neroburnrights.exe |

"{16DC264F-4904-4CE9-9554-F54A7FF5F9A1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{1743D7FA-FC11-44A2-9BBB-FCAEC571FDFB}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |

"{19154304-2EA2-4A3E-9E4E-FC6F67689256}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{1BC374BF-40B3-4AAB-B21D-A31D7F4178DA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\demolition company\game.exe |

"{1BD9F988-D255-4F54-9B1E-CC40D1E3DAE7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dc universe online\launchpad.exe |

"{1D405000-47E9-46B7-8980-0A07C49F6DCF}" = protocol=6 | dir=in | app=c:\program files\valve\garry's mod\srcds.exe |

"{1EF3BD09-DE00-42C8-B192-8BEF7A0337C9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\demolition company\game.exe |

"{20748DA9-1C5C-4185-9D56-7A6E250AF269}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{21FB8ABB-CF54-40F2-A630-CD3FCCD8A0C8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{25D59A6E-B23D-4F2B-84E1-67729AA1F418}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{2680D343-9D85-4262-81B9-CDDD4BB1913E}" = dir=out | app=%programfiles% (x86)\rapidsolution\tunebite 7\tunebite.exe |

"{2710AB2F-5B35-42A7-8600-54FBEADA5A95}" = dir=out | app=%programfiles% (x86)\nero\nero 9\nero showtime\showtime.exe |

"{28653E1A-ED0C-4EE4-98DB-55BD2BA8B2EB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\deerslayer7600\day of defeat source\hl2.exe |

"{29CF2CF1-E010-4FC6-8E86-FB43D8E79D5A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe |

"{2AD10F7E-9365-407F-9FA4-A897A096A4D3}" = dir=out | app=%programfiles% (x86)\nero\nero 9\nero vision\nmtvwizard.exe |

"{2AE944B1-DA71-4A53-A299-21DDA36EC383}" = dir=out | app=%programfiles% (x86)\nero\nero 9\nero infotool\infotool.exe |

"{2D43FE6D-923C-4C4C-9866-9222B0124F78}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |

"{2E07D8E9-960F-4E80-B044-AAE2CDF554F5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{2F2BAFC1-DA2F-49C6-931B-76017E91317D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |

"{310F9315-A5D4-4D74-979D-CB8B853890E8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe |

"{362E1594-4F16-4025-9550-F7430932BDC1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{39423264-4557-4AE3-A552-FCBE1C47BE06}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{3F49D0FE-C723-4E13-8EB6-68AC646AD6CD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\deerslayer7600\garrysmod\hl2.exe |

"{438D1E20-45B0-44F9-A10D-D8270EBE4DE0}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe |

"{43B66FE8-C8D0-4516-835B-D48F7D30EE9A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |

"{484301BB-7F97-4B14-8AEA-94A66D343DAF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\deerslayer7600\counter-strike source\hl2.exe |

"{4BBA3188-4248-4343-9746-C76A9AACE821}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |

"{4ECBA23A-83B3-46C6-BFF0-898CFAD212C1}" = dir=out | app=%programfiles% (x86)\nero\nero 9\nero burning rom\nero.exe |

"{4F38D44D-A273-41DE-B5B1-0962F8AEE9FE}" = protocol=17 | dir=in | app=c:\program files\valve\garry's mod\hl2.exe |

"{4F8F4054-40E3-48D4-BA44-9A0B6EB59D9F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe |

"{50F7C9C7-108A-4AE5-AEAA-05ABE9373914}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |

"{5297FCD3-801C-4A29-B5CC-BAA452A57538}" = dir=out | app=%programfiles% (x86)\nero\nero 9\nero soundtrax\soundtrax.exe |

"{53882A91-D227-4009-BA3D-7DF24D32B8A7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{53A05673-7D1B-460A-B9DC-BB0EAFCA0174}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |

"{59F30FA3-F18B-4A37-B824-2656BB0FC510}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |

"{5AABECA4-4CDC-41A3-82CE-BFCBBF09EB76}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |

"{5BC7E42A-478E-4B54-ACF7-BE1D834A55E7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{5BC882DE-63E1-43B0-9222-FC31E9739F8C}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |

"{5C24F2BE-3D48-4CDF-890E-F3DE83B0406D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{5DAF94DD-668F-450E-B2A2-1CD3FF9F1076}" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |

"{5DFE0F70-5307-40AA-9247-A8F3EB4719CE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{608F30A6-9706-4056-9959-65433331A29B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\deerslayer7600\counter-strike source\hl2.exe |

"{6169C446-D211-4ED2-97C6-CD184AB6E754}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |

"{61740CD4-E485-4F06-968B-88A76BC9B091}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto san andreas\gta-sa.exe |

"{6601B9E3-4234-433B-975F-BA01CF56D658}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |

"{667A8AD9-09C4-4C83-9EE0-53D1D53DC695}" = dir=out | app=%programfiles% (x86)\nero\nero 9\nero discspeed\discspeed.exe |

"{66D98847-E730-4834-9374-131204D8A555}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe |

"{68795AAC-0A93-4D2E-88EC-DB00156758B2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{6A3FD22E-9B17-456D-BEE7-EC3F657DE56E}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |

"{6B75C7D0-F41D-4557-9D47-2217E9F41B37}" = dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |

"{6C1DF894-712B-4B48-BB86-EDED01390145}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |

"{6F01CE79-F78B-4898-A02D-8420442FEBBE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |

"{6FBFC5BC-063F-43B4-A1FA-FD2023AF06E3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |

"{713AE2B3-6BF0-42B8-A7FE-BC2FC57AFB97}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{721240B1-21AD-454C-90EA-8813BA91B2FE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\deerslayer7600\garrysmod\hl2.exe |

"{735D0386-E9DD-43E1-9FEB-8B1D6AD0C10D}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |

"{75ED88F7-B336-4B2E-ADDC-D196FE864367}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe |

"{7D3C006A-EE81-415A-BC27-8A7FC0282AB2}" = protocol=17 | dir=in | app=c:\program files\valve\garry's mod\srcds.exe |

"{7DF611D6-81A0-4EE3-9C30-9C131E2BA1D6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\deerslayer7600\garrysmod\hl2.exe |

"{7E837427-E0B7-4279-A814-18B4B5791B89}" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |

"{7F16C68E-8D17-47D6-AEA3-52F7D38A6596}" = dir=out | app=%programfiles% (x86)\nero\nero 9\nero express\neroexpress.exe |

"{8122A0C7-EA82-49BC-9B30-92E34DACC79C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"{816BEB5A-357C-4602-A97D-66BAE6E1A07E}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |

"{83A9B223-414D-4D42-97CE-B93ACB22CD00}" = dir=out | app=%programfiles% (x86)\nero\nero 9\nero coverdesigner\coverdes.exe |

"{8492F028-DCA5-4168-AB7D-EE655B6DA645}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{84C2D6A6-E21A-4296-ABDF-71FA084C83E5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe |

"{859BE978-80B4-46FA-9A7E-40C26A7F9382}" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |

"{85B788B8-0F62-48B7-8D1D-91842992FE6C}" = dir=out | app=%programfiles% (x86)\nero\nero 9\nero waveeditor\waveedit.exe |

"{867CE286-5BEB-468E-A011-717557782094}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{8858C1DC-9CCF-4712-916A-F03DF7F22FD8}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{89C654B4-1B5C-44C4-8C04-701932BD2DA7}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |

"{904DF2B6-009C-42E0-BC19-A2AFF542928D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\deerslayer7600\garrysmod\hl2.exe |

"{91BC05F9-6E0F-4219-B6F7-659903FD4ED1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\deerslayer7600\garry's mod beta\hl2.exe |

"{91F6E51A-DD46-421A-B4C7-F1462CED7911}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{9574B0AF-E5D5-4207-ABCB-949C4E96C44E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |

"{95D4EC3A-730F-4B1A-83B2-A34A36FC58E9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{9699F5C6-03AD-4395-B6E1-6F6F1D03453A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{96D8699E-E1D6-4BE4-9F18-0D6CC95D4D21}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |

"{9A7F8701-E082-45B6-9C10-56743F9C225C}" = dir=out | app=%programfiles% (x86)\nero\nero 9\nero recode\recode.exe |

"{9AD555A4-9446-474D-8C2F-726D98ACED18}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto san andreas\gta-sa.exe |

"{9BD549E7-833A-4917-900B-396EA1AB4DCE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\deerslayer7600\day of defeat source\hl2.exe |

"{9CD2DAB7-1B43-486C-946C-9C4668899FB2}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |

"{A0AD1019-949B-41F3-A525-7D4618FAD5B2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{A831B92C-3169-4250-B522-22F425F2D3B9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\deerslayer7600\counter-strike source\hl2.exe |

"{A878C355-4420-4A43-975C-7F6595C1A5ED}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |

"{AC31A855-0C3F-4B34-BA5B-2BDACD8EDF05}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |

"{AC51620F-FEBF-4AA1-B611-BA11C1C18C99}" = dir=out | app=%programfiles% (x86)\nero\nero 9\nero vision\nerovision.exe |

"{AD076F8B-0859-4BDA-ABB1-BE9246C4B10B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{AE301499-287F-4DFC-A42A-E89DCCFC308B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |

"{AE45716E-0256-4B4B-9001-BB548606BCAB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{AE7F3389-A6F3-460E-B8D9-16AAA6E873BA}" = dir=out | app=%programfiles% (x86)\nero\nero 9\nero drivespeed\drivespeed.exe |

"{AEE97C56-C504-4983-9B54-757C8447D594}" = protocol=17 | dir=in | app=c:\program files (x86)\lavasoft\ad-aware\ad-aware.exe |

"{B01E4B65-02A9-416F-ACFF-8E3A0B953FE7}" = dir=in | app=c:\users\deerslayer7600\appdata\local\facebook\video\skype\facebookvideocalling.exe |

"{B47FA59E-8EFE-459B-A67E-3627A6E22247}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{B756804B-A683-489C-A747-D77FE9CDA519}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\deerslayer7600\garry's mod beta\hl2.exe |

"{BAC45A8A-525C-40CB-BAAF-234776F5A618}" = dir=out | app=%programfiles% (x86)\nero\nero 9\nero photosnap\photosnap.exe |

"{BB00DEC5-B901-45ED-B214-AA5651047994}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{BDEAFF75-9F7C-463C-BC14-3DCB0FC5F7F8}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |

"{C0130440-957B-4578-BA68-2F683008DD52}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{C45A67B2-DCD4-476A-970E-664E932560A3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\deerslayer7600\day of defeat source\hl2.exe |

"{C554E57D-C4E8-45BA-83E7-1201070C1CA5}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe |

"{C57A3E73-896C-4188-BA63-BC7A7DFBA3B6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{C68FCBE8-DA5B-44DF-8754-2A8DF9568B81}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{C6B555A6-D698-4399-93DA-B058B65BF18A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |

"{C746B98B-F349-4FAE-9FF0-59B7516F65DE}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |

"{C9E3FEB0-49C1-4254-A13E-05CFB53A8A15}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{CCAB430B-640C-499B-81E4-819A2F60093D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |

"{CCCBAD8C-F682-495C-960D-8CB5552920B1}" = dir=out | app=%programfiles% (x86)\nero\nero 9\nero photosnap\photosnapviewer.exe |

"{CFB22E52-E52C-48A7-A1A7-CC94DB637656}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"{D02B4711-88BC-4F7A-A2AD-C4F2E6A0D21A}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |

"{D2D73FD9-CF68-405D-AEA9-1D44BD43D902}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{D8CB931E-FFB7-48C5-84D9-95C3A5291C04}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{D8DC083A-7F64-4377-8A24-B4AD3591C18A}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |

"{D9945BAE-8B53-42CD-9298-D00B4D8FDE4E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |

"{DA06C041-DB97-40D4-A4BA-115CF50EFB24}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |

"{DA90A028-F03D-4EC3-8A9C-5BDDC72D28FB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe |

"{DCB3540E-D30A-4B51-8153-ADA6E7A564A3}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe |

"{DCBC8120-2364-4A39-ADB6-030352CE1466}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |

"{DDD4495F-B3DC-4BAF-916B-8B4D6F2475D2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\deerslayer7600\day of defeat source\hl2.exe |

"{E090376B-B91B-433A-B255-8DA91B004222}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{E15C7E01-2CE0-4099-BFAE-D429E4568046}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |

"{E1626EC4-FC3B-4E10-AD8F-E9520E3019D1}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |

"{E5940E86-B805-4439-AA9C-4B08D0F247B2}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |

"{E5A128E7-B1C7-4ADC-9D38-0E96BAC0D34C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |

"{E6D7CF26-30B5-46C6-8AB9-F3E7B141F8F0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |

"{E7A3B76F-22B4-43F9-87AC-58F08B191DAA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\demolition company\game.exe |

"{E80B72F2-D490-4679-8662-C60EF03A187D}" = protocol=6 | dir=out | app=system |

"{F107ECFB-775D-40D4-BA38-0759947886AB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\deerslayer7600\garrysmod\hl2.exe |

"{F1B90649-3E75-4035-A678-6F9FB380CDF6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |

"{F34200CB-425F-48B1-A33C-628A6302B6A6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\deerslayer7600\counter-strike source\hl2.exe |

"{F4F2EB88-3F1E-4620-8D14-AE8E3A8C9548}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |

"{F6BE8FE5-8B8B-4229-87E3-B5B69136003C}" = dir=out | app=%programfiles% (x86)\nero\nero 9\nero vision\slideshw.exe |

"{F7744E93-9D3E-4F0D-B4BC-496EECB9EA63}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{F88C8A42-C487-4EF8-B56F-3454381FA767}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |

"{F8C87808-8547-4E52-8783-7F28EC31E957}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |

"{F8F8A46E-A8DF-451F-AE45-0733C5586E8B}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe |

"{FC6F4FD7-5CEB-499B-AC18-618127F3A214}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{FE6811A7-D3B4-491F-981E-24536C73EBE5}" = dir=out | app=%programfiles% (x86)\nero\nero 9\nero startsmart\nerostartsmart.exe |

"{FFCC09BB-9B58-4A5F-B519-BB00E480B7A8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{FFFA91DE-4D0D-4A5E-8DC8-FFB3FDF7206E}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe |

"TCP Query User{049B834F-60BA-42E5-B600-4CCB29D18213}C:\program files (x86)\steam\steamapps\deerslayer7600\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\deerslayer7600\counter-strike source\hl2.exe |

"TCP Query User{174D687C-A4EE-4DBF-AEF1-49A585FD9A81}C:\program files (x86)\steam\steamapps\deerslayer7600\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\deerslayer7600\team fortress 2\hl2.exe |

"TCP Query User{1AAA58F8-958E-4744-87BE-BDB295493EF3}C:\program files (x86)\firaxis games\sid meier's civilization 4\beyond the sword\civ4beyondsword.exe" = protocol=6 | dir=in | app=c:\program files (x86)\firaxis games\sid meier's civilization 4\beyond the sword\civ4beyondsword.exe |

"TCP Query User{1F41188A-2E5D-4BB7-9369-368228442135}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |

"TCP Query User{30835E33-545A-4F46-B7A5-084170E49D6B}C:\program files (x86)\apowersoft\video downloader suite\video-downloader-suite.exe" = protocol=6 | dir=in | app=c:\program files (x86)\apowersoft\video downloader suite\video-downloader-suite.exe |

"TCP Query User{5DF95D8E-E40A-4689-9038-DCD4D3650E39}C:\program files\sony\vaio care\vcsystray.exe" = protocol=6 | dir=in | app=c:\program files\sony\vaio care\vcsystray.exe |

"TCP Query User{7188D2A9-1FB5-4E99-A871-62EA9E872708}C:\program files (x86)\steam\steamapps\deerslayer7600\garry's mod beta\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\deerslayer7600\garry's mod beta\hl2.exe |

"TCP Query User{73782633-DE70-44EE-BEA1-FB5B602C3A31}C:\program files (x86)\bitlord\bitlord.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bitlord\bitlord.exe |

"TCP Query User{8F4703C4-6223-43D1-B200-C063F516377E}C:\program files (x86)\microsoft games\rise of nations\patriots.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\rise of nations\patriots.exe |

"TCP Query User{9324C7A1-984C-48B5-8EA9-854D1038242A}C:\program files (x86)\pidgin\pidgin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pidgin\pidgin.exe |

"TCP Query User{A26E7D62-4967-4468-89ED-75EE034CD717}C:\program files (x86)\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe |

"TCP Query User{A4CA23BC-C53E-4878-B387-4B044DEFDF3D}C:\program files (x86)\1clickdownload\1clickdownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\1clickdownload\1clickdownloader.exe |

"TCP Query User{B2345359-4AF7-40D2-ACBF-F2BB0385798B}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |

"TCP Query User{B704E9C0-47A8-4D03-8DBF-879541B4E6BC}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe |

"TCP Query User{CB6A1D4B-FFC2-4C6E-ACC5-3E3D1B4FE355}C:\program files (x86)\steam\steamapps\deerslayer7600\garrysmod\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\deerslayer7600\garrysmod\hl2.exe |

"TCP Query User{EADB53BB-20BA-41D0-A546-8A080CE54021}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |

"TCP Query User{F98D5445-A90E-4AC8-B0D3-8D05E240A1BE}C:\users\deerslayer7600\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\deerslayer7600\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |

"UDP Query User{034A7EFA-84B2-4950-9E4A-5792F893F3B0}C:\program files (x86)\bitlord\bitlord.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bitlord\bitlord.exe |

"UDP Query User{0566B147-2368-404A-BE08-2506BB775771}C:\program files (x86)\1clickdownload\1clickdownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\1clickdownload\1clickdownloader.exe |

"UDP Query User{0CE9505A-44BB-49DA-995F-731CAD0D5A17}C:\program files (x86)\steam\steamapps\deerslayer7600\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\deerslayer7600\counter-strike source\hl2.exe |

"UDP Query User{0EF6CAD3-C008-484D-9180-5A3277071982}C:\program files (x86)\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe |

"UDP Query User{3228726A-572E-49DA-A748-C94B32C8ED8C}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |

"UDP Query User{470639CF-DCE0-4E49-BE38-F488518AE477}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |

"UDP Query User{565BCCB3-97F4-4A3C-8CA8-50FEAD7E8571}C:\program files (x86)\pidgin\pidgin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pidgin\pidgin.exe |

"UDP Query User{58DD486E-6B3A-4442-A854-004E53C3D8D1}C:\users\deerslayer7600\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\deerslayer7600\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |

"UDP Query User{6C5DF84A-9E91-43BF-A565-C407D2314373}C:\program files\sony\vaio care\vcsystray.exe" = protocol=17 | dir=in | app=c:\program files\sony\vaio care\vcsystray.exe |

"UDP Query User{7EA10249-0D11-4685-9E17-ABA8902548EB}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe |

"UDP Query User{8D2C16B7-AA45-4F87-99BB-77C8E1978F3A}C:\program files (x86)\steam\steamapps\deerslayer7600\garrysmod\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\deerslayer7600\garrysmod\hl2.exe |

"UDP Query User{B0B793F7-B10D-44CF-B96A-F4AC652A45E0}C:\program files (x86)\steam\steamapps\deerslayer7600\garry's mod beta\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\deerslayer7600\garry's mod beta\hl2.exe |

"UDP Query User{B67AFBD3-B1B0-4065-A01B-2D8DC62612D2}C:\program files (x86)\microsoft games\rise of nations\patriots.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\rise of nations\patriots.exe |

"UDP Query User{BA270770-4E81-48BF-9F0F-412F7D34D5BF}C:\program files (x86)\apowersoft\video downloader suite\video-downloader-suite.exe" = protocol=17 | dir=in | app=c:\program files (x86)\apowersoft\video downloader suite\video-downloader-suite.exe |

"UDP Query User{CE9EF6FE-57E1-4AEB-8F4B-8A93AC4491B0}C:\program files (x86)\firaxis games\sid meier's civilization 4\beyond the sword\civ4beyondsword.exe" = protocol=17 | dir=in | app=c:\program files (x86)\firaxis games\sid meier's civilization 4\beyond the sword\civ4beyondsword.exe |

"UDP Query User{D6694088-FF9C-4E82-9152-BCBA62EFC12E}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |

"UDP Query User{F36F2007-BDF5-4A33-9A61-EA5364CA3DBC}C:\program files (x86)\steam\steamapps\deerslayer7600\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\deerslayer7600\team fortress 2\hl2.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX860_series" = Canon MX860 series MP Drivers

"{11D25EF7-85FC-4B58-8278-485939C8637F}" = VAIO Update Merge Module x64

"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant

"{26A24AE4-039D-4CA4-87B4-2F86416015FF}" = Java 6 Update 15 (64-bit)

"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022

"{3C8159DD-1890-4625-A5B2-E3D8D78D4486}" = AVG 2012

"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{64A3A4F4-B792-11D6-A78A-00B0D0160150}" = Java SE Development Kit 6 Update 15 (64-bit)

"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources

"{7095F86C-BB1A-4254-96A0-7C63A1F8D403}" = TortoiseSVN 1.7.3.22386 (64 bit)

"{7C3AC18F-F19B-4082-8D13-7D603848E06C}" = VAIO Update Merge Module x64

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8AA7EE74-114A-FFFF-B1D2-AED4707763C9}" = ccc-utility64

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software

"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO

"{A108BD40-0A8C-4385-8874-74C4B6086CC3}" = AVG 2012

"{A4BC24CB-F8C7-27FB-41D5-47A405031A41}" = ATI Catalyst Install Manager

"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B0C6CCC9-0BAB-4636-A06F-B43B6FBC25DF}" = Motorola Mobile Drivers Installation 5.4.0

"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64

"{CCAFF072-4DDB-4846-963D-15F02A8E9472}" = Intel® PROSet/Wireless WiFi Software

"{D035FBF6-FDEF-487D-89CA-6F9DD07B783F}" = Dolby Control Center

"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client

"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service

"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit

"AVG" = AVG 2012

"CCleaner" = CCleaner

"KLiteCodecPack64_is1" = K-Lite Codec Pack 5.3.0 (64-bit)

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"ProInst" = Intel PROSet Wireless

"SP6" = Logitech SetPoint 6.32

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00B03993-F5A1-47B1-9C54-EC8FBDDDE17E}" = VAIO Care

"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable

"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser

"{0271C003-CED0-2354-818F-A872734088B1}" = CCC Help Dutch

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{07441A52-E208-478A-92B7-5C337CA8C131}" = VAIO - Remote Play with PlayStation®3

"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1B500D37-E7CF-480B-8054-8A563594EC4E}" = VAIO OOBE and Startup Assistant

"{1E40FED6-E0D6-0AA2-BA08-75B6C1E2D02F}" = CCC Help Swedish

"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools

"{1FE69600-3A33-FFFF-C488-F3E40DBC2F68}" = CCC Help Czech

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{2018C019-30D9-4240-8C01-0865C10DCF5A}" = VAIO Presentation Support

"{25AF1025-095C-4AA9-A3FD-29710D3C3AE5}" = Remote Keyboard

"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v1.5.2.3456

"{26A24AE4-039D-4CA4-87B4-2F83216016F0}" = Java 6 Update 16

"{26A24AE4-039D-4CA4-87B4-2F83216017F0}" = Java 6 Update 17

"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java 6 Update 22

"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java 6 Update 31

"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections

"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE

"{2FC5CB84-9110-DE89-379B-34E87AB8BDC1}" = CCC Help Italian

"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode

"{3662480D-028D-BE4E-DEC1-775818519CC2}" = CCC Help Norwegian

"{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent

"{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care

"{3BA4FBA3-35EE-3E3B-62D8-606AF0722950}" = ccc-core-static

"{3BEBC95D-FDBA-480B-93E8-9B4E9E41733C}" = MapSend Topo 3D USA

"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3

"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg

"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision

"{452167AD-8C66-4726-9F6D-F27CFE13B8A3}" = NextUp.com-NeoSpeech Kate16 Voice

"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis

"{48D7FBA8-624C-4160-8A1D-D62619C2A693}" = NextUp.com-NeoSpeech Paul16 Voice

"{48E29469-216B-1AE3-B156-A2DAA48E709E}" = Catalyst Control Center InstallProxy

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4D029068-CE21-848B-5654-1409E47507BB}" = CCC Help Chinese Traditional

"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor

"{4E7FD54B-D551-70C1-CEE7-88FD59BE8063}" = CCC Help English

"{52AF7D37-EECF-535F-5226-E0DD16543CD1}" = CCC Help Thai

"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ

"{54108D57-A606-774B-BA31-6C9363B0B33A}" = Catalyst Control Center Graphics Light

"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{575E77D1-29E9-28EC-7D28-F5ABAB72C270}" = Catalyst Control Center Graphics Full Existing

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool

"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress

"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic

"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth

"{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update

"{5F5867F0-2D23-4338-A206-01A76C823924}" = VAIO Power Management

"{5FE0C13A-63F1-4394-88A8-2D8722A75FE0}_is1" = Convert VOB to AVI 1.7

"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM

"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner

"{6529B443-1BD5-D7D3-7DAF-D6AD2C98C38A}" = CCC Help Finnish

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6F3D2F66-F050-45E3-BEB1-6523FE6D6690}" = MotoHelper MergeModules

"{70991E0A-1108-437E-BA7D-085702C670C0}" =

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{73330752-80F1-65AE-721D-8AA10AEFF99B}" = CCC Help Turkish

"{7396FB15-9AB4-4B78-BDD8-24A9C15D2C65}" = VAIO - Remote Keyboard

"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio

"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart

"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{78C3DDD6-0303-4371-9CC1-163F07E87137}" = Remote Play with PlayStation 3

"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime

"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159

"{7E1D9B1F-A5AE-737C-E0BC-96C42D19E2CC}" = CCC Help Russian

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{876172CF-1095-181F-B037-6A713235417F}" = Catalyst Control Center Graphics Previews Vista

"{8AFAF619-1FD7-71BD-26F1-8EED9C1C8A8D}" = Catalyst Control Center Graphics Previews Common

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8EE47674-9AD3-B099-C6E4-7FB9F0D14D38}" = CCC Help Spanish

"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3 Platinum

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI

"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules

"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" =

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9B00435C-61FA-BB7F-4B7A-98FCC4881C3F}" = CCC Help French

"{9B5F85CA-90D4-4AFC-BB37-32477FD0D2B9}" = SmartWi Connection Utility

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D179733-28AD-DF80-B74A-5A0F9FD4E332}" = CCC Help Japanese

"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center

"{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap

"{9EAC0E21-510E-4259-A9C6-F5D5B8969036}" = Catalyst Control Center - Branding

"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh

"{A1432157-D6B5-BD3C-42C8-E54BEED3EB0E}" = CCC Help Korean

"{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor

"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series

"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support

"{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}" = PixiePack Codec Pack

"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5

"{AB30697D-E02D-2FD7-2EF4-E60887B4B22E}" = CCC Help Chinese Standard

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)

"{ACE78B09-BD0C-E6A4-1250-2482B5A126B8}" = Catalyst Control Center Graphics Full New

"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles

"{B2A7278B-6D98-8640-760B-3D34485D1AD6}" = CCC Help Portuguese

"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy

"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit

"{BBA68DFD-AA0F-2CD0-932A-17442B41A350}" = CCC Help Danish

"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter

"{c30d5dce-028f-4eee-b4e9-2da251437557}" = Nero 9 Trial

"{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax

"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{CF0F8D1B-5FB9-468D-BD88-E6239906D2B7}" = Click to Disc

"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM

"{D1725D54-279A-40C5-A70D-23C1785DB920}_is1" = AoA Audio Extractor

"{D21CC69B-F120-474C-878A-08F45D86BDE2}" = Click MusicalKEYS

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D47FE987-EA3D-424B-9886-B752501D7CE7}" = VAIO Help and Support

"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents

"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser

"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime

"{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}" = ArcSoft WebCam Companion 3

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E23CBEC5-533E-054A-4109-95751B7C3A81}" = CCC Help German

"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit

"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218

"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer

"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core

"{EF901A4B-A25A-4962-83C6-C6691D062ED9}" = Nero Mega Plugin Pack

"{F0A034FE-0951-EF71-145E-F0DF36F5A203}" = Catalyst Control Center Core Implementation

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0F05BDF-4AE4-096C-C8E9-4B4DAD2DE13D}" = CCC Help Polish

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01

"{F3C91479-BDAC-4B42-0B7B-54D37EB63A12}" = CCC Help Hungarian

"{F52EE3CE-A6B2-63E2-9445-EC92EEC1FB90}" = Catalyst Control Center Localization All

"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool

"{FC55ADF1-53B6-269F-92F7-413AB697EE48}" = CCC Help Greek

"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables

"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR

"{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home

"Adobe AIR" = Adobe AIR

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.6

"AIM_7" = AIM 7

"Amazon Kindle" = Amazon Kindle

"Application Manager for VAIO" = Application Manager for VAIO

"AT&T Natural Voice Mike_is1" = AT&T Natural Voices Mike v. 1.4

"Audacity_is1" = Audacity 1.2.6

"BitLord" = BitLord 1.1

"Click MusicalKEYS_is1" = Click MusicalKEYS 3.0.214

"DAEMON Tools Lite" = DAEMON Tools Lite

"D'Fusion @Home Web Plug-In" = Total Immersion D'Fusion Web Plugin

"DVD Shrink_is1" = DVD Shrink 3.2

"GTK 2.0" = GTK+ Runtime 2.14.7 rev a (remove only)

"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor

"KLiteCodecPack_is1" = K-Lite Codec Pack 7.8.0 (Standard)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400

"MotoHelper" = MotoHelper 2.1.32 Driver 5.4.0

"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)

"POP Peeper" = POP Peeper

"RealAlt_is1" = Real Alternative 2.0.2

"SoftwareUpdUtility" = Download Updater (AOL LLC)

"Steam App 12120" = Grand Theft Auto: San Andreas

"Steam App 220" = Half-Life 2

"Steam App 240" = Counter-Strike: Source

"Steam App 24200" = DC Universe Online

"Steam App 260" = Counter-Strike: Source Beta

"Steam App 300" = Day of Defeat: Source

"Steam App 340" = Half-Life 2: Lost Coast

"Steam App 380" = Half-Life 2: Episode One

"Steam App 400" = Portal

"Steam App 4000" = Garry's Mod

"Steam App 4010" = Garry's Mod 13

"Steam App 420" = Half-Life 2: Episode Two

"Steam App 440" = Team Fortress 2

"Steam App 550" = Left 4 Dead 2

"Steam App 620" = Portal 2

"Steam App 65100" = Demolition Company

"TextAloud MP3_is1" = TextAloud

"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine

"Winamp" = Winamp

"WinLiveSuite" = Windows Live Essentials

"WinRAR archiver" = WinRAR archiver

"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2819605077-4113226334-3711507615-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Facebook Plug-In" = Facebook Plug-In

"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

"Winamp Detect" = Winamp Detector Plug-in

"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.8.1

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 17-Jun-12 2:50:13 AM | Computer Name = Home2 | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "c:\program files (x86)\spybot

- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program

files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of

attribute "language" in element "assemblyIdentity" is invalid.

Error - 17-Jun-12 3:24:06 AM | Computer Name = Home2 | Source = Google Update | ID = 20

Description =

Error - 19-Jun-12 6:24:18 AM | Computer Name = Home2 | Source = Google Update | ID = 20

Description =

Error - 21-Jun-12 10:53:47 AM | Computer Name = Home2 | Source = Application Error | ID = 1000

Description = Faulting application name: FlashPlayerPlugin_11_3_300_257.exe, version:

11.3.300.257, time stamp: 0x4fc82063 Faulting module name: NPSWF32_11_3_300_257.dll,

version: 11.3.300.257, time stamp: 0x4fc821fc Exception code: 0xc0000005 Fault offset:

0x000ccb60 Faulting process id: 0x1bc0 Faulting application start time: 0x01cd4fbda9588eac

Faulting

application path: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe

Faulting

module path: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll Report

Id: e762d995-bbb0-11e1-8e4d-0024be804c7e

Error - 23-Jun-12 12:49:15 AM | Computer Name = Home2 | Source = Application Error | ID = 1000

Description = Faulting application name: FlashPlayerPlugin_11_3_300_257.exe, version:

11.3.300.257, time stamp: 0x4fc82063 Faulting module name: NPSWF32_11_3_300_257.dll,

version: 11.3.300.257, time stamp: 0x4fc821fc Exception code: 0xc0000005 Fault offset:

0x0010a7e7 Faulting process id: 0xd80 Faulting application start time: 0x01cd50fb89a3fb62

Faulting

application path: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe

Faulting

module path: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll Report

Id: c82460bb-bcee-11e1-8e4d-0024be804c7e

Error - 23-Jun-12 3:24:05 AM | Computer Name = Home2 | Source = Google Update | ID = 20

Description =

Error - 23-Jun-12 6:24:05 AM | Computer Name = Home2 | Source = Google Update | ID = 20

Description =

Error - 23-Jun-12 9:24:05 AM | Computer Name = Home2 | Source = Google Update | ID = 20

Description =

Error - 24-Jun-12 2:46:35 AM | Computer Name = Home2 | Source = Application Error | ID = 1000

Description = Faulting application name: FlashPlayerPlugin_11_3_300_257.exe, version:

11.3.300.257, time stamp: 0x4fc82063 Faulting module name: NPSWF32_11_3_300_257.dll,

version: 11.3.300.257, time stamp: 0x4fc821fc Exception code: 0xc0000005 Fault offset:

0x0016b4a9 Faulting process id: 0x1564 Faulting application start time: 0x01cd51d49c12bbb6

Faulting

application path: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe

Faulting

module path: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll Report

Id: 56c19836-bdc8-11e1-bb15-0024be804c7e

Error - 24-Jun-12 3:34:46 AM | Computer Name = Home2 | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "c:\program files (x86)\spybot

- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program

files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of

attribute "language" in element "assemblyIdentity" is invalid.

[ System Events ]

Error - 28-Jul-12 11:22:24 PM | Computer Name = Home2 | Source = bowser | ID = 8003

Description =

Error - 29-Jul-12 12:22:27 AM | Computer Name = Home2 | Source = bowser | ID = 8003

Description =

Error - 29-Jul-12 12:41:23 PM | Computer Name = Home2 | Source = bowser | ID = 8003

Description =

Error - 29-Jul-12 4:41:22 PM | Computer Name = Home2 | Source = bowser | ID = 8003

Description =

Error - 03-Aug-12 1:28:38 PM | Computer Name = Home2 | Source = bowser | ID = 8003

Description =

Error - 04-Aug-12 9:07:08 PM | Computer Name = Home2 | Source = bowser | ID = 8003

Description =

Error - 04-Aug-12 9:43:09 PM | Computer Name = Home2 | Source = bowser | ID = 8003

Description =

Error - 06-Aug-12 4:04:00 PM | Computer Name = Home2 | Source = atikmdag | ID = 43029

Description = Display is not active

Error - 06-Aug-12 4:25:01 PM | Computer Name = Home2 | Source = atikmdag | ID = 43029

Description = Display is not active

Error - 07-Aug-12 1:14:08 AM | Computer Name = Home2 | Source = atikmdag | ID = 43029

Description = Display is not active

< End of report >


Here is a HiJackThis log from a scan I just ran. Someone please get back to me on this.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 1:54:16 PM, on 09-Aug-12

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16447)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files (x86)\POP Peeper\POPPeeper.exe

C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe

C:\Program Files (x86)\AVG\AVG2012\avgtray.exe

C:\Program Files (x86)\AVG Secure Search\vprot.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe

C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe

C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe

C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe

C:\Program Files\Sony\VAIO Care\listener.exe

C:\Users\DeerSlayer7600\Desktop\HijackThis.exe

C:\Windows\SysWOW64\DllHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\PROGRA~2\TEXTAL~1\TAForIE.dll

O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll

O4 - HKLM\..\Run: [smartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup

O4 - HKLM\..\Run: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"

O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [POP Peeper] "C:\Program Files (x86)\POP Peeper\POPPeeper.exe" -min

O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe

O4 - Global Startup: Bluetooth.lnk = ?

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll

O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O15 - Trusted Zone: *.clonewarsadventures.com

O15 - Trusted Zone: *.freerealms.com

O15 - Trusted Zone: *.soe.com

O15 - Trusted Zone: *.sony.com

O17 - HKLM\System\CCS\Services\Tcpip\..\{F158A689-5F56-4735-95DB-B1B7F0E2835A}: NameServer = 209.18.47.61,209.18.47.62

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll

O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: MotoHelper Service (MotoHelper) - Unknown owner - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe

O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe

O23 - Service: VAIO Care Performance Service (SampleCollector) - Sony Corporation - C:\Program Files\Sony\VAIO Care\VCPerfService.exe

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe

O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: VCService - Sony Corporation - C:\Program Files\Sony\VAIO Care\VCService.exe

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: vToolbarUpdater11.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe

O23 - Service: VUAgent - Sony Corporation - C:\Program Files\Sony\VAIO Update Common\VUAgent.exe

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 12463 bytes


Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC


Rogue Killer report

RogueKiller V7.6.5 [08/03/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: DeerSlayer7600 [Admin rights]

Mode: Scan -- Date: 08/10/2012 10:00:55

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 8 ¤¤¤

[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{F158A689-5F56-4735-95DB-B1B7F0E2835A} : NameServer (209.18.47.61,209.18.47.62) -> FOUND

[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{F158A689-5F56-4735-95DB-B1B7F0E2835A} : NameServer (209.18.47.61,209.18.47.62) -> FOUND

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

[ZeroAccess][FOLDER] U : c:\windows\installer\{6228c6a1-aeff-b400-f404-d6220d64c4db}\U --> FOUND

[ZeroAccess][FOLDER] L : c:\windows\installer\{6228c6a1-aeff-b400-f404-d6220d64c4db}\L --> FOUND

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS723232L9SA60 +++++

--- User ---

[MBR] 70ab0b8a0a52557cdf6dd25df675d69d

[bSP] 9c2c964f3c3d31af909e220791238bf5 : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 6190 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 12679168 | Size: 100 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 12883968 | Size: 298953 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt


Here you go......

Your computer is infected with a nasty rootkit. Please read the following information first.

You're infected with Rootkit.ZeroAccess, a BackDoor Trojan.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

http://www.dslreports.com/faq/10451

When Should I Format, How Should I Reinstall

http://www.dslreports.com/faq/10063

I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards.

Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

-----------------------------------------

Please make sure system restore is running and create a new restore point before continuing!

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

How to tell > 32 or 64 bit

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:


  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type the following into the search box:
    services.exe
  • Now press the Search button
  • When the search is complete, search.txt will also be written to your USB
  • Type exit and reboot the computer normally
  • Please copy and paste both logs in your reply. (FRST.txt and Search.txt)

MrC


Scan result of Farbar Recovery Scan Tool Version: 09-08-2012

Ran by SYSTEM at 10-08-2012 12:04:06

Running from G:\

Windows 7 Professional (X64) OS Language: English(US)

The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7938080 2009-07-23] (Realtek Semiconductor)

HKLM\...\Run: [skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-07-23] (Realtek Semiconductor Corp.)

HKLM\...\Run: [Apoint] %ProgramFiles%\Apoint\Apoint.exe [208384 2009-08-03] (Alps Electric Co., Ltd.)

HKLM\...\Run: [iAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)

HKLM\...\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [1744152 2011-10-07] (Logitech, Inc.)

HKLM-x32\...\Run: [smartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup [80384 2009-09-02] (Sony Electronics Corporation)

HKLM-x32\...\Run: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe" [317288 2009-05-26] (Sony Corporation)

HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2587008 2012-04-05] (AVG Technologies CZ, s.r.o.)

HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [1107552 2012-07-09] ()

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-06-06] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462408 2012-04-04] (Malwarebytes Corporation)

HKU\DeerSlayer7600\...\Run: [POP Peeper] "C:\Program Files (x86)\POP Peeper\POPPeeper.exe" -min [1613824 2011-11-16] (Mortal Universe)

HKU\DeerSlayer7600\...\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)

HKU\DeerSlayer7600\...\Policies\system: [LogonHoursAction] 2

HKU\DeerSlayer7600\...\Policies\system: [DontDisplayLogonHoursWarnings] 1

HKU\Guest\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)

HKU\Public Use\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)

HKU\Public Use\...\Policies\system: [LogonHoursAction] 2

HKU\Public Use\...\Policies\system: [DontDisplayLogonHoursWarnings] 1

Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Tcpip\..\Interfaces\{F158A689-5F56-4735-95DB-B1B7F0E2835A}: [NameServer]209.18.47.61,209.18.47.62

Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk

ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Services (Whitelisted) ======

3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)

3 AVG Security Toolbar Service; C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [1025352 2011-07-26] ()

2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe" [5160568 2012-07-04] (AVG Technologies CZ, s.r.o.)

2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)

2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)

2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [214896 2011-12-06] ()

3 Roxio UPnP Renderer 10; "C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe" [313840 2009-06-26] (Sonic Solutions)

2 Roxio Upnp Server 10; "C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe" [362992 2009-06-26] (Sonic Solutions)

2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [189984 2009-07-23] (Realtek Semiconductor)

2 SampleCollector; "C:\Program Files\Sony\VAIO Care\VCPerfService.exe" "/service" "/sstates" "/sampleinterval=5000" "/procinterval=5" "/dllinterval=120" "/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1" "/counter=\Network Interface(*)\Bytes Total/sec:1" "/expandcounter=\Processor Information(*)\Processor Frequency:1" "/expandcounter=\Processor(*)\% Idle Time:1" "/expandcounter=\Processor(*)\% C1 Time:1" "/expandcounter=\Processor(*)\% C2 Time:1" "/expandcounter=\Processor(*)\% C3 Time:1" "/expandcounter=\Processor(*)\% Processor Time:1" "/directory=C:\ProgramData\Sony Corporation\VAIO Care\inteldata" [259192 2011-01-29] (Sony Corporation)

2 vToolbarUpdater11.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [935008 2012-07-09] ()

========================== Drivers (Whitelisted) =============

3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [124496 2011-12-23] (AVG Technologies CZ, s.r.o. )

3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )

0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )

1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [289872 2012-02-22] (AVG Technologies CZ, s.r.o.)

1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)

0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)

1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [383808 2012-03-19] (AVG Technologies CZ, s.r.o.)

1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [254528 2011-02-14] (DT Soft Ltd)

2 enodpl; C:\Windows\SysWow64\Drivers\enodpl.sys [7552 2003-03-02] ()

3 hamachi; C:\Windows\System32\Drivers\hamachi.sys [33856 2010-02-03] (LogMeIn, Inc.)

3 libusb0; C:\Windows\SysWow64\Drivers\libusb0.sys [33792 2005-03-09] ()

3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-04-04] (Malwarebytes Corporation)

2 rimsptsk; C:\Windows\system32\DRIVERS\rimssn64.sys [86528 2009-07-31] (REDC)

2 risdptsk; C:\Windows\system32\DRIVERS\risdsn64.sys [76288 2009-07-31] (REDC)

1 SbFw; C:\Windows\System32\Drivers\SbFw.sys [253528 2011-04-05] (Sunbelt Software, Inc.)

3 SBFWIMCL; C:\Windows\System32\DRIVERS\sbfwim.sys [84568 2011-02-08] (Sunbelt Software, Inc.)

3 SBFWIMCLMP; C:\Windows\System32\DRIVERS\SBFWIM.sys [84568 2011-02-08] (Sunbelt Software, Inc.)

3 sbhips; C:\Windows\System32\Drivers\sbhips.sys [60504 2011-04-05] (Sunbelt Software, Inc.)

1 SbTis; C:\Windows\System32\Drivers\SbTis.sys [94296 2011-04-05] (Sunbelt Software, Inc.)

0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2009-12-29] (Duplex Secure Ltd.)

2 tandpl; C:\Windows\SysWow64\Drivers\tandpl.sys [4736 2003-04-18] ()

3 tbhsd; C:\Windows\System32\Drivers\tbhsd.sys [46112 2009-12-21] (RapidSolution Software AG)

3 appliandMP; C:\Windows\System32\DRIVERS\appliand.sys [x]

3 catchme; \??\C:\ComboFix\catchme.sys [x]

0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [x]

1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-08-10 07:51 - 2012-08-10 07:51 - 01439703 ____A (Farbar) C:\Users\DeerSlayer7600\Desktop\FRST64.exe

2012-08-10 06:00 - 2012-08-10 06:00 - 00002049 ____A C:\Users\DeerSlayer7600\Desktop\RKreport[1].txt

2012-08-10 05:59 - 2012-08-10 06:00 - 00000000 ____D C:\Users\DeerSlayer7600\Desktop\RK_Quarantine

2012-08-10 05:59 - 2012-08-10 05:59 - 01552896 ____A C:\Users\DeerSlayer7600\Desktop\RogueKiller.exe

2012-08-09 09:54 - 2012-08-09 09:54 - 00012465 ____A C:\Users\DeerSlayer7600\Desktop\hijackthis.log

2012-08-09 09:53 - 2012-08-09 09:53 - 00388608 ____A (Trend Micro Inc.) C:\Users\DeerSlayer7600\Desktop\HijackThis.exe

2012-08-09 08:24 - 2012-08-09 08:24 - 00000484 ____A C:\Windows\PFRO.log

2012-08-09 08:15 - 2012-08-09 08:15 - 00000000 ____D C:\_OTL

2012-08-09 06:13 - 2012-08-09 06:13 - 00124042 ____A C:\Users\DeerSlayer7600\Desktop\Extras.Txt

2012-08-09 06:11 - 2012-08-09 06:11 - 00143182 ____A C:\Users\DeerSlayer7600\Desktop\OTL.Txt

2012-08-09 05:50 - 2012-08-09 05:50 - 00596480 ____A (OldTimer Tools) C:\Users\DeerSlayer7600\Desktop\OTL.exe

2012-08-06 12:07 - 2012-08-06 12:07 - 00000000 ____D C:\Users\Public Use\AppData\Local\Adobe

2012-08-03 09:07 - 2012-08-03 09:09 - 00000000 ____D C:\Users\DeerSlayer7600\Documents\My Kindle Content

2012-08-03 09:07 - 2012-08-03 09:07 - 00002005 ____A C:\Users\DeerSlayer7600\Desktop\Kindle.lnk

2012-08-03 09:07 - 2012-08-03 09:07 - 00000000 ____D C:\Users\DeerSlayer7600\AppData\Local\Amazon

2012-08-03 09:07 - 2012-08-03 09:07 - 00000000 ____D C:\Program Files (x86)\Amazon

2012-07-29 12:15 - 2012-07-29 12:15 - 00000000 ____D C:\Users\DeerSlayer7600\AppData\Local\{F6C00431-C170-4DB1-B576-8EFDE53C6D9E}

2012-07-29 12:15 - 2012-07-29 12:15 - 00000000 ____D C:\Users\DeerSlayer7600\AppData\Local\{656E96BC-FAE3-4552-A6A6-717D646199CF}

2012-07-28 21:00 - 2012-08-10 07:54 - 00000112 ____A C:\Windows\setupact.log

2012-07-28 21:00 - 2012-07-28 21:00 - 00000000 ____A C:\Windows\setuperr.log

2012-07-28 17:37 - 2012-07-28 17:38 - 00000000 ____D C:\Users\All Users\HitmanPro

2012-07-28 17:37 - 2012-07-28 17:37 - 00000000 ____D C:\Program Files\HitmanPro

2012-07-28 16:33 - 2012-07-28 16:33 - 00029719 ____A C:\ComboFix.txt

2012-07-25 09:14 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe

2012-07-25 09:14 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe

2012-07-25 09:14 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe

2012-07-25 09:14 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe

2012-07-25 09:14 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe

2012-07-25 09:14 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe

2012-07-25 09:14 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe

2012-07-25 09:14 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe

2012-07-25 09:13 - 2012-07-25 09:48 - 00000000 ____D C:\Windows\erdnt

2012-07-24 21:45 - 2012-07-08 08:55 - 00443048 ____A C:\Windows\System32\Drivers\etc\hosts.20120725-014558.backup

2012-07-24 21:40 - 2012-07-28 15:46 - 04719842 ____R (Swearware) C:\Users\DeerSlayer7600\Desktop\ComboFix.exe

2012-07-22 17:34 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-07-22 17:29 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-07-22 17:29 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-07-22 17:29 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-07-22 17:29 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-07-22 17:29 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-07-22 17:29 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-07-22 17:29 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-07-22 17:29 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-07-22 17:29 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-07-22 17:29 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-07-22 17:29 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-07-22 17:29 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-07-22 17:29 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-07-22 17:29 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-07-22 17:29 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2012-07-22 17:29 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2012-07-22 17:29 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2012-07-22 17:29 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2012-07-22 17:29 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2012-07-22 17:29 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2012-07-22 17:29 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2012-07-22 17:29 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2012-07-22 17:29 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2012-07-22 17:29 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2012-07-22 17:29 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2012-07-22 17:29 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2012-07-22 17:29 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2012-07-22 17:29 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2012-07-22 15:42 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll

2012-07-22 15:42 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll

2012-07-22 15:42 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll

2012-07-22 15:41 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll

2012-07-22 15:41 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2012-07-22 15:41 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll

2012-07-22 15:41 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2012-07-22 15:41 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll

2012-07-22 15:41 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys

2012-07-22 15:41 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys

2012-07-22 15:41 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys

2012-07-22 15:41 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll

2012-07-22 15:41 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll

2012-07-22 15:41 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2012-07-22 15:41 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2012-07-22 15:41 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2012-07-22 15:41 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2012-07-22 15:41 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll

2012-07-22 15:41 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll

2012-07-22 14:19 - 2012-07-28 16:34 - 00000000 ____D C:\Qoobox

2012-07-14 13:21 - 2012-07-29 17:28 - 00000000 ____D C:\Users\DeerSlayer7600\AppData\Roaming\Awesomium

============ 3 Months Modified Files ========================

2012-08-10 08:00 - 2009-07-13 20:45 - 00014160 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2012-08-10 08:00 - 2009-07-13 20:45 - 00014160 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2012-08-10 07:59 - 2009-12-01 08:42 - 01858820 ____A C:\Windows\WindowsUpdate.log

2012-08-10 07:55 - 2010-05-08 07:34 - 00000910 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2012-08-10 07:54 - 2012-07-28 21:00 - 00000112 ____A C:\Windows\setupact.log

2012-08-10 07:54 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-08-10 07:52 - 2009-07-13 21:13 - 00726444 ____A C:\Windows\System32\PerfStringBackup.INI

2012-08-10 07:51 - 2012-08-10 07:51 - 01439703 ____A (Farbar) C:\Users\DeerSlayer7600\Desktop\FRST64.exe

2012-08-10 07:35 - 2010-05-08 07:34 - 00000914 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2012-08-10 06:00 - 2012-08-10 06:00 - 00002049 ____A C:\Users\DeerSlayer7600\Desktop\RKreport[1].txt

2012-08-10 05:59 - 2012-08-10 05:59 - 01552896 ____A C:\Users\DeerSlayer7600\Desktop\RogueKiller.exe

2012-08-09 09:54 - 2012-08-09 09:54 - 00012465 ____A C:\Users\DeerSlayer7600\Desktop\hijackthis.log

2012-08-09 09:53 - 2012-08-09 09:53 - 00388608 ____A (Trend Micro Inc.) C:\Users\DeerSlayer7600\Desktop\HijackThis.exe

2012-08-09 09:11 - 2010-10-24 16:27 - 02559488 __ASH C:\Users\DeerSlayer7600\Desktop\Thumbs.db

2012-08-09 08:24 - 2012-08-09 08:24 - 00000484 ____A C:\Windows\PFRO.log

2012-08-09 06:13 - 2012-08-09 06:13 - 00124042 ____A C:\Users\DeerSlayer7600\Desktop\Extras.Txt

2012-08-09 06:11 - 2012-08-09 06:11 - 00143182 ____A C:\Users\DeerSlayer7600\Desktop\OTL.Txt

2012-08-09 05:50 - 2012-08-09 05:50 - 00596480 ____A (OldTimer Tools) C:\Users\DeerSlayer7600\Desktop\OTL.exe

2012-08-03 09:07 - 2012-08-03 09:07 - 00002005 ____A C:\Users\DeerSlayer7600\Desktop\Kindle.lnk

2012-07-30 21:02 - 2009-12-10 13:46 - 00412496 ____A C:\test.xml

2012-07-28 21:00 - 2012-07-28 21:00 - 00000000 ____A C:\Windows\setuperr.log

2012-07-28 19:20 - 2010-07-09 10:18 - 00095744 __ASH C:\Users\DeerSlayer7600\Thumbs.db

2012-07-28 16:33 - 2012-07-28 16:33 - 00029719 ____A C:\ComboFix.txt

2012-07-28 16:04 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini

2012-07-28 15:46 - 2012-07-24 21:40 - 04719842 ____R (Swearware) C:\Users\DeerSlayer7600\Desktop\ComboFix.exe

2012-07-23 04:58 - 2011-09-05 08:11 - 00000972 ____A C:\Users\Public\Desktop\AVG 2012.lnk

2012-07-22 17:38 - 2009-07-13 20:45 - 00300872 ____A C:\Windows\System32\FNTCACHE.DAT

2012-07-22 17:30 - 2009-12-10 17:51 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2012-07-22 15:45 - 2012-04-07 16:15 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2012-07-22 15:45 - 2011-05-18 06:08 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2012-07-08 09:12 - 2012-07-08 09:12 - 00006183 ____A C:\Windows\wininit.ini

2012-07-08 08:55 - 2012-07-24 21:45 - 00443048 ____A C:\Windows\System32\Drivers\etc\hosts.20120725-014558.backup

2012-06-23 18:09 - 2011-06-01 09:58 - 00000353 ____A C:\Users\DeerSlayer7600\AppData\Roaming\Network Meter_Settings.ini

2012-06-23 18:05 - 2012-06-23 18:05 - 00000241 ____A C:\Users\DeerSlayer7600\AppData\Roaming\GPU Meter_Settings.ini

2012-06-12 08:04 - 2009-12-19 10:06 - 00001922 ____A C:\Users\Public\Desktop\AIM.lnk

2012-06-12 08:04 - 2009-12-19 10:06 - 00001118 ___AH C:\IPH.PH

2012-06-11 19:08 - 2012-07-22 17:34 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-06-08 21:43 - 2012-07-22 15:41 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll

2012-06-08 20:41 - 2012-07-22 15:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2012-06-05 22:06 - 2012-07-22 15:42 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll

2012-06-05 22:06 - 2012-07-22 15:42 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll

2012-06-05 22:02 - 2012-07-22 15:41 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll

2012-06-05 21:05 - 2012-07-22 15:42 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll

2012-06-05 21:05 - 2012-07-22 15:41 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2012-06-05 21:03 - 2012-07-22 15:41 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll

2012-06-03 17:36 - 2010-05-15 15:41 - 00018960 ____A (Logitech, Inc.) C:\Windows\System32\Drivers\LNonPnP.sys

2012-06-02 14:19 - 2012-06-08 15:10 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll

2012-06-02 14:19 - 2012-06-08 15:10 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll

2012-06-02 14:19 - 2012-06-08 15:10 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe

2012-06-02 14:19 - 2012-06-08 15:10 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll

2012-06-02 14:19 - 2012-06-08 15:10 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll

2012-06-02 14:15 - 2012-06-08 15:10 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll

2012-06-02 14:15 - 2012-06-08 15:10 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll

2012-06-02 11:19 - 2012-06-08 15:10 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll

2012-06-02 11:15 - 2012-06-08 15:10 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe

2012-06-02 04:49 - 2012-07-22 17:29 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-06-02 04:17 - 2012-07-22 17:29 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-06-02 04:12 - 2012-07-22 17:29 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-06-02 04:05 - 2012-07-22 17:29 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-06-02 04:05 - 2012-07-22 17:29 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-06-02 04:04 - 2012-07-22 17:29 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-06-02 04:04 - 2012-07-22 17:29 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-06-02 04:03 - 2012-07-22 17:29 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-06-02 04:01 - 2012-07-22 17:29 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-06-02 04:00 - 2012-07-22 17:29 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-06-02 03:59 - 2012-07-22 17:29 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-06-02 03:57 - 2012-07-22 17:29 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-06-02 03:57 - 2012-07-22 17:29 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-06-02 03:54 - 2012-07-22 17:29 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-06-02 01:07 - 2012-07-22 17:29 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2012-06-02 00:43 - 2012-07-22 17:29 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2012-06-02 00:33 - 2012-07-22 17:29 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2012-06-02 00:26 - 2012-07-22 17:29 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2012-06-02 00:25 - 2012-07-22 17:29 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2012-06-02 00:25 - 2012-07-22 17:29 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2012-06-02 00:23 - 2012-07-22 17:29 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2012-06-02 00:21 - 2012-07-22 17:29 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2012-06-02 00:20 - 2012-07-22 17:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2012-06-02 00:19 - 2012-07-22 17:29 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2012-06-02 00:19 - 2012-07-22 17:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2012-06-02 00:17 - 2012-07-22 17:29 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2012-06-02 00:16 - 2012-07-22 17:29 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2012-06-02 00:14 - 2012-07-22 17:29 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2012-06-01 21:50 - 2012-07-22 15:41 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys

2012-06-01 21:48 - 2012-07-22 15:41 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys

2012-06-01 21:48 - 2012-07-22 15:41 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys

2012-06-01 21:45 - 2012-07-22 15:41 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll

2012-06-01 21:44 - 2012-07-22 15:41 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll

2012-06-01 20:40 - 2012-07-22 15:41 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2012-06-01 20:40 - 2012-07-22 15:41 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2012-06-01 20:39 - 2012-07-22 15:41 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2012-06-01 20:34 - 2012-07-22 15:41 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2012-05-29 17:24 - 2009-12-28 15:55 - 00067040 ____A C:\Users\Public Use\AppData\Local\GDIPFONTCACHEV1.DAT

ZeroAccess:

C:\Windows\Installer\{6228c6a1-aeff-b400-f404-d6220d64c4db}

C:\Windows\Installer\{6228c6a1-aeff-b400-f404-d6220d64c4db}\L

C:\Windows\Installer\{6228c6a1-aeff-b400-f404-d6220d64c4db}\U

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 15%

Total physical RAM: 4063.02 MB

Available physical RAM: 3430.31 MB

Total Pagefile: 4061.17 MB

Available Pagefile: 3424.76 MB

Total Virtual: 8192 MB

Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (Windows) (Fixed) (Total:291.95 GB) (Free:86.77 GB) NTFS

2 Drive e: (Recovery) (Fixed) (Total:6.04 GB) (Free:0.84 GB) NTFS ==>[system with boot components (obtained from reading drive)]

4 Drive g: () (Removable) (Total:1.86 GB) (Free:1.79 GB) NTFS

5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

6 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 298 GB 0 B

Disk 1 Online 1907 MB 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Recovery 6190 MB 1024 KB

Partition 2 Primary 100 MB 6191 MB

Partition 3 Primary 291 GB 6291 MB

==================================================================================

Disk: 0

Partition 1

Type : 27

Hidden: Yes

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 E Recovery NTFS Partition 6190 MB Healthy Hidden

==================================================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

==================================================================================

Disk: 0

Partition 3

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 C Windows NTFS Partition 291 GB Healthy

==================================================================================

Partitions of Disk 1:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 1907 MB 64 KB

==================================================================================

Disk: 1

Partition 1

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 4 G NTFS Removable 1907 MB Healthy

==================================================================================

Last Boot: 2012-08-06 20:21

======================= End Of Log ==========================


Farbar Recovery Scan Tool Version: 09-08-2012

Ran by SYSTEM at 2012-08-10 12:08:21

Running from G:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe

[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\erdnt\cache64\services.exe

[2012-07-25 09:49] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======


OK, here you go......Please carefully carry out this procedure!!!!!!

Please download the attached fixlist.txt and copy it to your flashdrive.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options (as you did before).

Run FRST64 or FRST (whichever one you're using) and press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

MrC


Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 09-08-2012

Ran by SYSTEM at 2012-08-10 12:34:25 Run:1

Running from G:\

==============================================

C:\Windows\Installer\{6228c6a1-aeff-b400-f404-d6220d64c4db} moved successfully.

C:\Windows\Installer\{6228c6a1-aeff-b400-f404-d6220d64c4db}\L not found.

C:\Windows\Installer\{6228c6a1-aeff-b400-f404-d6220d64c4db}\U not found.

==== End of Fixlog ====


Well done, let's run ComboFix to clear up any leftovers.

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


ComboFix 12-08-09.01 - DeerSlayer7600 10-Aug-12 12:50:19.3.2 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4063.2537 [GMT -4:00]

Running from: c:\users\DeerSlayer7600\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2012-07-10 to 2012-08-10 )))))))))))))))))))))))))))))))

.

.

2012-08-10 20:03 . 2012-08-10 20:04 -------- d-----w- C:\FRST

2012-08-10 17:43 . 2012-08-10 17:43 -------- d-----w- c:\users\Public Use\AppData\Local\temp

2012-08-10 17:43 . 2012-08-10 17:43 -------- d-----w- c:\users\Guest\AppData\Local\temp

2012-08-10 17:43 . 2012-08-10 17:43 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-08-09 16:15 . 2012-08-09 16:15 -------- d-----w- C:\_OTL

2012-08-06 20:07 . 2012-08-06 20:07 -------- d-----w- c:\users\Public Use\AppData\Local\Adobe

2012-08-03 17:07 . 2012-08-03 17:07 -------- d-----w- c:\users\DeerSlayer7600\AppData\Local\Amazon

2012-08-03 17:07 . 2012-08-03 17:07 -------- d-----w- c:\program files (x86)\Amazon

2012-07-29 01:37 . 2012-07-29 01:37 -------- d-----w- c:\program files\HitmanPro

2012-07-29 01:37 . 2012-07-29 01:38 -------- d-----w- c:\programdata\HitmanPro

2012-07-23 01:34 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys

2012-07-22 23:42 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll

2012-07-22 23:42 . 2012-06-06 06:06 1881600 ----a-w- c:\windows\system32\msxml3.dll

2012-07-22 23:42 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll

2012-07-14 21:21 . 2012-07-30 01:28 -------- d-----w- c:\users\DeerSlayer7600\AppData\Roaming\Awesomium

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-23 01:30 . 2009-12-11 01:51 59701280 ----a-w- c:\windows\system32\MRT.exe

2012-07-22 23:45 . 2012-04-08 00:15 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-07-22 23:45 . 2011-05-18 14:08 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-06-04 01:36 . 2010-05-15 23:41 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys

2012-06-02 22:19 . 2012-06-08 23:10 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-08 23:10 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:19 . 2012-06-08 23:10 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-08 23:10 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-08 23:10 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:15 . 2012-06-08 23:10 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:15 . 2012-06-08 23:10 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 19:19 . 2012-06-08 23:10 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 19:15 . 2012-06-08 23:10 36864 ----a-w- c:\windows\system32\wuapp.exe

.

.

((((((((((((((((((((((((((((( SnapShot@2012-07-25_17.33.02 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-07-14 04:54 . 2012-08-09 16:24 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2012-07-24 13:09 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2012-08-10 15:24 . 2012-08-09 16:24 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-07-24 13:09 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-07-24 13:09 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-08-09 16:24 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-09-04 17:57 . 2012-08-10 16:40 63732 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-08-10 16:40 50578 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2009-12-09 21:08 . 2012-08-10 16:40 21374 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2819605077-4113226334-3711507615-1000_UserData.bin

- 2009-12-09 21:03 . 2012-07-24 14:02 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-12-09 21:03 . 2012-08-07 18:37 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2012-07-24 14:02 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-08-07 18:37 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-09-04 17:55 . 2012-07-22 21:43 2175 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat

+ 2009-09-04 17:55 . 2012-07-29 00:37 2175 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat

- 2012-07-24 13:09 . 2012-07-24 13:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-08-10 16:36 . 2012-08-10 16:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-07-24 13:09 . 2012-07-24 13:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-08-10 16:36 . 2012-08-10 16:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2009-12-11 00:48 . 2012-08-09 16:24 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

- 2009-12-11 00:48 . 2012-07-24 13:09 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

- 2009-07-14 02:36 . 2012-07-09 19:52 624412 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2012-08-10 15:52 624412 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2012-08-10 15:52 106756 c:\windows\system32\perfc009.dat

- 2009-07-14 02:36 . 2012-07-09 19:52 106756 c:\windows\system32\perfc009.dat

+ 2009-07-14 05:12 . 2012-07-29 23:36 245760 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

- 2009-07-14 05:12 . 2012-07-22 23:35 245760 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

- 2009-12-09 21:03 . 2012-07-24 14:02 114688 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-12-09 21:03 . 2012-08-07 18:37 114688 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:46 . 2012-07-24 13:17 106448 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

+ 2009-07-14 04:46 . 2012-08-09 16:28 106448 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

- 2009-07-14 05:01 . 2012-07-23 18:01 289116 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2012-08-10 16:31 289116 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2011-05-09 18:05 . 2012-07-17 21:12 1880092 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2819605077-4113226334-3711507615-1003-8192.dat

+ 2011-05-09 18:05 . 2012-08-09 16:23 1880092 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2819605077-4113226334-3711507615-1003-8192.dat

+ 2009-12-13 05:56 . 2012-08-10 16:31 8661928 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2819605077-4113226334-3711507615-1000-12288.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-07-09 23:44 2074208 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-09 2074208]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]

@="{C5994560-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]

@="{C5994561-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]

@="{C5994562-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]

@="{C5994563-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]

@="{C5994564-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]

@="{C5994565-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]

@="{C5994566-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]

@="{C5994567-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]

@="{C5994568-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"POP Peeper"="c:\program files (x86)\POP Peeper\POPPeeper.exe" [2011-11-16 1613824]

"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [bU]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"SmartWiHelper"="c:\program files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" [2009-09-03 80384]

"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2009-05-26 317288]

"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]

"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-07-09 1107552]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]

2009-07-01 19:49 98304 ----a-w- c:\windows\System32\VESWinlogon.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]

@=""

.

R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-07-04 5160568]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-08 136176]

R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-06-26 362992]

R3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [x]

R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-07-26 1025352]

R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-14 54824]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-08-03 35104]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-08 136176]

R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [x]

R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2011-01-01 97040]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-28 113120]

R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-05 5435904]

R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-06-26 313840]

R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [2011-02-08 84568]

R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2011-04-05 60504]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 VBTUSB;VBTUSB.Sys VAIO Bluetooth Driver over USB device;c:\windows\system32\Drivers\VBTUSB.sys [2010-06-17 14848]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-17 1255736]

R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-03-04 55856]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-12-30 834544]

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]

S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-02-14 254528]

S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2011-04-05 253528]

S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2011-04-05 94296]

S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-27 203264]

S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-12-06 214896]

S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [2009-07-24 189984]

S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-01-29 259192]

S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2009-08-22 411496]

S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-07-09 935008]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]

S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960]

S3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [2011-02-08 84568]

S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2009-06-11 11392]

S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736]

S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2011-09-23 1429608]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]

2010-02-16 23:02 114688 ----a-w- c:\program files (x86)\PixiePack Codec Pack\InstallerHelper.exe

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-08 15:34]

.

2012-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-08 15:34]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]

@="{C5994560-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]

@="{C5994561-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]

@="{C5994562-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]

@="{C5994563-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]

@="{C5994564-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]

@="{C5994565-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]

@="{C5994566-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]

@="{C5994567-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]

@="{C5994568-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 15:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-24 7938080]

"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-07-24 1833504]

"Apoint"="c:\program files (x86)\Apoint\Apoint.exe" [bU]

"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{F158A689-5F56-4735-95DB-B1B7F0E2835A}: NameServer = 209.18.47.61,209.18.47.62

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll

FF - ProfilePath - c:\users\DeerSlayer7600\AppData\Roaming\Mozilla\Firefox\Profiles\cvh7xht7.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.weather.com/

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: network.proxy.type - 0

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\DeerSlayer7600\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]

"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2819605077-4113226334-3711507615-1000\Software\SecuROM\License information*]

"datasecu"=hex:f8,f4,1a,0d,ee,13,83,b3,e6,73,39,48,d1,01,d4,ef,83,60,54,f6,ca,

b7,2c,10,61,c8,db,02,03,11,10,1b,d9,29,ee,a9,9d,09,eb,a3,3f,7a,88,d0,08,2d,\

"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-08-10 14:08:54

ComboFix-quarantined-files.txt 2012-08-10 18:08

ComboFix2.txt 2012-07-29 00:33

ComboFix3.txt 2012-07-25 18:01

.

Pre-Run: 93,099,712,512 bytes free

Post-Run: 92,634,710,016 bytes free

.

- - End Of File - - FF2DCDDA32DC23BB61EF10FF6096CC78


Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.11.03

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

DeerSlayer7600 :: HOME2 [administrator]

Protection: Enabled

11-Aug-12 10:28:01 AM

mbam-log-2012-08-11 (10-28-01).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 239202

Time elapsed: 3 minute(s), 1 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

What should I do with the stuff that was quarantined from a previous scan?


Please download TDSSKiller to your desktop and run it as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


------------------------

Click the Start Scan button.


-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.


----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.


--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Sometimes these logs can be very large; in that case please attach it or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip; click on Continue.

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

MrC


13:16:29.0339 3728 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32

13:16:29.0698 3728 ============================================================

13:16:29.0698 3728 Current date / time: 2012/08/11 13:16:29.0698

13:16:29.0698 3728 SystemInfo:

13:16:29.0698 3728

13:16:29.0698 3728 OS Version: 6.1.7601 ServicePack: 1.0

13:16:29.0698 3728 Product type: Workstation

13:16:29.0698 3728 ComputerName: HOME2

13:16:29.0698 3728 UserName: DeerSlayer7600

13:16:29.0698 3728 Windows directory: C:\Windows

13:16:29.0698 3728 System windows directory: C:\Windows

13:16:29.0698 3728 Running under WOW64

13:16:29.0698 3728 Processor architecture: Intel x64

13:16:29.0698 3728 Number of processors: 2

13:16:29.0698 3728 Page size: 0x1000

13:16:29.0698 3728 Boot type: Normal boot

13:16:29.0698 3728 ============================================================

13:16:30.0509 3728 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

13:16:30.0524 3728 ============================================================

13:16:30.0524 3728 \Device\Harddisk0\DR0:

13:16:30.0524 3728 MBR partitions:

13:16:30.0524 3728 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xC17800, BlocksNum 0x32000

13:16:30.0524 3728 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xC49800, BlocksNum 0x247E4AB0

13:16:30.0524 3728 ============================================================

13:16:30.0556 3728 C: <-> \Device\Harddisk0\DR0\Partition1

13:16:30.0556 3728 ============================================================

13:16:30.0556 3728 Initialize success

13:16:30.0556 3728 ============================================================

13:17:39.0942 6012 ============================================================

13:17:39.0942 6012 Scan started

13:17:39.0942 6012 Mode: Manual; SigCheck; TDLFS;

13:17:39.0942 6012 ============================================================

13:17:40.0519 6012 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

13:17:40.0675 6012 1394ohci - ok

13:17:40.0784 6012 ACDaemon (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

13:17:40.0831 6012 ACDaemon - ok

13:17:40.0878 6012 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

13:17:40.0894 6012 ACPI - ok

13:17:40.0909 6012 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

13:17:41.0050 6012 AcpiPmi - ok

13:17:41.0128 6012 AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

13:17:41.0159 6012 AdobeARMservice - ok

13:17:41.0206 6012 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

13:17:41.0237 6012 adp94xx - ok

13:17:41.0268 6012 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

13:17:41.0284 6012 adpahci - ok

13:17:41.0299 6012 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

13:17:41.0315 6012 adpu320 - ok

13:17:41.0330 6012 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

13:17:41.0518 6012 AeLookupSvc - ok

13:17:41.0596 6012 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

13:17:41.0705 6012 AFD - ok

13:17:41.0752 6012 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

13:17:41.0767 6012 agp440 - ok

13:17:41.0783 6012 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

13:17:41.0830 6012 ALG - ok

13:17:41.0861 6012 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

13:17:41.0876 6012 aliide - ok

13:17:41.0892 6012 AMD External Events Utility (322a2c5d390109a4e50679ab58dea870) C:\Windows\system32\atiesrxx.exe

13:17:41.0923 6012 AMD External Events Utility - ok

13:17:41.0939 6012 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

13:17:41.0954 6012 amdide - ok

13:17:41.0986 6012 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

13:17:42.0079 6012 AmdK8 - ok

13:17:42.0079 6012 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

13:17:42.0142 6012 AmdPPM - ok

13:17:42.0188 6012 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

13:17:42.0235 6012 amdsata - ok

13:17:42.0266 6012 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

13:17:42.0282 6012 amdsbs - ok

13:17:42.0298 6012 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

13:17:42.0313 6012 amdxata - ok

13:17:42.0360 6012 ApfiltrService (56bd886820c4aedf493cfcdf1ccfb004) C:\Windows\system32\DRIVERS\Apfiltr.sys

13:17:42.0391 6012 ApfiltrService - ok

13:17:42.0438 6012 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

13:17:42.0656 6012 AppID - ok

13:17:42.0672 6012 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

13:17:42.0781 6012 AppIDSvc - ok

13:17:42.0828 6012 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

13:17:42.0890 6012 Appinfo - ok

13:17:42.0922 6012 appliandMP - ok

13:17:42.0953 6012 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll

13:17:43.0046 6012 AppMgmt - ok

13:17:43.0093 6012 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

13:17:43.0124 6012 arc - ok

13:17:43.0171 6012 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

13:17:43.0187 6012 arcsas - ok

13:17:43.0202 6012 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

13:17:43.0249 6012 AsyncMac - ok

13:17:43.0296 6012 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

13:17:43.0327 6012 atapi - ok

13:17:43.0670 6012 atikmdag (de0ede41bc530f1759c6fffcb8c7a0cf) C:\Windows\system32\DRIVERS\atikmdag.sys

13:17:43.0873 6012 atikmdag - ok

13:17:44.0060 6012 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

13:17:44.0154 6012 AudioEndpointBuilder - ok

13:17:44.0170 6012 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

13:17:44.0201 6012 AudioSrv - ok

13:17:44.0466 6012 AVG Security Toolbar Service (080d4fe1435401a370f122614ea514cd) C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe

13:17:44.0497 6012 AVG Security Toolbar Service - ok

13:17:44.0950 6012 AVGIDSAgent (d67719bcfde5798f5c30d14efed3bcaf) C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe

13:17:45.0074 6012 AVGIDSAgent - ok

13:17:45.0215 6012 AVGIDSDriver (1b2e9fcdc26dc7c81d4131430e2dc936) C:\Windows\system32\DRIVERS\avgidsdrivera.sys

13:17:45.0246 6012 AVGIDSDriver - ok

13:17:45.0262 6012 AVGIDSFilter (0f293406f64b48d5d2f0d3a1117f3a83) C:\Windows\system32\DRIVERS\avgidsfiltera.sys

13:17:45.0277 6012 AVGIDSFilter - ok

13:17:45.0340 6012 AVGIDSHA (cffc3a4a638f462e0561cb368b9a7a3a) C:\Windows\system32\DRIVERS\avgidsha.sys

13:17:45.0371 6012 AVGIDSHA - ok

13:17:45.0402 6012 Avgldx64 (59955b4c288dd2a8b9fd2cd5158355c5) C:\Windows\system32\DRIVERS\avgldx64.sys

13:17:45.0418 6012 Avgldx64 - ok

13:17:45.0464 6012 Avgmfx64 (a6aec362aae5e2dda7445e7690cb0f33) C:\Windows\system32\DRIVERS\avgmfx64.sys

13:17:45.0496 6012 Avgmfx64 - ok

13:17:45.0542 6012 Avgrkx64 (645c7f0a0e39758a0024a9b1748273c0) C:\Windows\system32\DRIVERS\avgrkx64.sys

13:17:45.0574 6012 Avgrkx64 - ok

13:17:45.0683 6012 Avgtdia (1bee674ad792b1c63bb0dac5fa724b23) C:\Windows\system32\DRIVERS\avgtdia.sys

13:17:45.0714 6012 Avgtdia - ok

13:17:45.0854 6012 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

13:17:45.0886 6012 avgwd - ok

13:17:45.0948 6012 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll

13:17:46.0057 6012 AxInstSV - ok

13:17:46.0104 6012 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

13:17:46.0198 6012 b06bdrv - ok

13:17:46.0229 6012 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

13:17:46.0307 6012 b57nd60a - ok

13:17:46.0338 6012 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

13:17:46.0400 6012 BDESVC - ok

13:17:46.0432 6012 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

13:17:46.0525 6012 Beep - ok

13:17:46.0681 6012 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll

13:17:46.0759 6012 BFE - ok

13:17:46.0884 6012 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll

13:17:46.0978 6012 BITS - ok

13:17:47.0040 6012 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

13:17:47.0071 6012 blbdrive - ok

13:17:47.0118 6012 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

13:17:47.0165 6012 bowser - ok

13:17:47.0196 6012 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

13:17:47.0290 6012 BrFiltLo - ok

13:17:47.0290 6012 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

13:17:47.0336 6012 BrFiltUp - ok

13:17:47.0368 6012 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys

13:17:47.0430 6012 BridgeMP - ok

13:17:47.0492 6012 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll

13:17:47.0570 6012 Browser - ok

13:17:47.0602 6012 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

13:17:47.0695 6012 Brserid - ok

13:17:47.0726 6012 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

13:17:47.0773 6012 BrSerWdm - ok

13:17:47.0789 6012 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

13:17:47.0851 6012 BrUsbMdm - ok

13:17:47.0867 6012 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

13:17:47.0898 6012 BrUsbSer - ok

13:17:47.0976 6012 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys

13:17:48.0070 6012 BthEnum - ok

13:17:48.0085 6012 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

13:17:48.0163 6012 BTHMODEM - ok

13:17:48.0179 6012 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys

13:17:48.0257 6012 BthPan - ok

13:17:48.0288 6012 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys

13:17:48.0366 6012 BTHPORT - ok

13:17:48.0397 6012 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

13:17:48.0444 6012 bthserv - ok

13:17:48.0460 6012 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys

13:17:48.0506 6012 BTHUSB - ok

13:17:48.0584 6012 btusbflt (2641a3fe3d7b0646308f33b67f3b5300) C:\Windows\system32\drivers\btusbflt.sys

13:17:48.0631 6012 btusbflt - ok

13:17:48.0647 6012 btwaudio (6bcfdc2b5b7f66d484486d4bd4b39a6b) C:\Windows\system32\drivers\btwaudio.sys

13:17:48.0662 6012 btwaudio - ok

13:17:48.0678 6012 btwavdt (82dc8b7c626e526681c1bebed2bc3ff9) C:\Windows\system32\drivers\btwavdt.sys

13:17:48.0694 6012 btwavdt - ok

13:17:48.0787 6012 btwdins (d65aa164acd0f6706dbcfbbcc9731584) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

13:17:48.0850 6012 btwdins - ok

13:17:48.0865 6012 btwl2cap (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys

13:17:48.0865 6012 btwl2cap - ok

13:17:48.0881 6012 btwrchid (28e105ad3b79f440bf94780f507bf66a) C:\Windows\system32\DRIVERS\btwrchid.sys

13:17:48.0896 6012 btwrchid - ok

13:17:48.0912 6012 catchme - ok

13:17:48.0943 6012 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

13:17:49.0006 6012 cdfs - ok

13:17:49.0052 6012 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys

13:17:49.0084 6012 cdrom - ok

13:17:49.0162 6012 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

13:17:49.0240 6012 CertPropSvc - ok

13:17:49.0286 6012 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

13:17:49.0333 6012 circlass - ok

13:17:49.0380 6012 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

13:17:49.0396 6012 CLFS - ok

13:17:49.0442 6012 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

13:17:49.0458 6012 clr_optimization_v2.0.50727_32 - ok

13:17:49.0505 6012 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

13:17:49.0520 6012 clr_optimization_v2.0.50727_64 - ok

13:17:49.0583 6012 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

13:17:49.0598 6012 clr_optimization_v4.0.30319_32 - ok

13:17:49.0630 6012 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

13:17:49.0645 6012 clr_optimization_v4.0.30319_64 - ok

13:17:49.0661 6012 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

13:17:49.0708 6012 CmBatt - ok

13:17:49.0770 6012 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

13:17:49.0786 6012 cmdide - ok

13:17:49.0832 6012 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys

13:17:49.0848 6012 CNG - ok

13:17:49.0864 6012 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

13:17:49.0879 6012 Compbatt - ok

13:17:49.0926 6012 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

13:17:50.0004 6012 CompositeBus - ok

13:17:50.0004 6012 COMSysApp - ok

13:17:50.0035 6012 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

13:17:50.0035 6012 crcdisk - ok

13:17:50.0098 6012 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll

13:17:50.0191 6012 CryptSvc - ok

13:17:50.0269 6012 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys

13:17:50.0378 6012 CSC - ok

13:17:50.0488 6012 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll

13:17:50.0550 6012 CscService - ok

13:17:50.0612 6012 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

13:17:50.0690 6012 DcomLaunch - ok

13:17:50.0722 6012 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

13:17:50.0784 6012 defragsvc - ok

13:17:50.0862 6012 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

13:17:50.0956 6012 DfsC - ok

13:17:51.0034 6012 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll

13:17:51.0127 6012 Dhcp - ok

13:17:51.0158 6012 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

13:17:51.0268 6012 discache - ok

13:17:51.0283 6012 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

13:17:51.0299 6012 Disk - ok

13:17:51.0346 6012 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll

13:17:51.0439 6012 Dnscache - ok

13:17:51.0502 6012 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll

13:17:51.0595 6012 dot3svc - ok

13:17:51.0642 6012 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll

13:17:51.0736 6012 DPS - ok

13:17:51.0751 6012 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

13:17:51.0767 6012 drmkaud - ok

13:17:51.0814 6012 dtsoftbus01 (fb9bef3401ee5ecc2603311b9c64f44a) C:\Windows\system32\DRIVERS\dtsoftbus01.sys

13:17:51.0814 6012 dtsoftbus01 - ok

13:17:51.0954 6012 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

13:17:52.0001 6012 DXGKrnl - ok

13:17:52.0032 6012 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

13:17:52.0110 6012 EapHost - ok

13:17:52.0328 6012 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

13:17:52.0453 6012 ebdrv - ok

13:17:52.0594 6012 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe

13:17:52.0687 6012 EFS - ok

13:17:52.0828 6012 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe

13:17:52.0937 6012 ehRecvr - ok

13:17:52.0968 6012 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

13:17:53.0046 6012 ehSched - ok

13:17:53.0124 6012 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

13:17:53.0171 6012 elxstor - ok

13:17:53.0186 6012 enodpl - ok

13:17:53.0233 6012 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

13:17:53.0296 6012 ErrDev - ok

13:17:53.0342 6012 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

13:17:53.0405 6012 EventSystem - ok

13:17:53.0576 6012 EvtEng (51643ee2712d9212e1e53ca7e8d8eb4a) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

13:17:53.0623 6012 EvtEng - ok

13:17:53.0732 6012 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

13:17:53.0810 6012 exfat - ok

13:17:53.0842 6012 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

13:17:53.0904 6012 fastfat - ok

13:17:53.0998 6012 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

13:17:54.0107 6012 Fax - ok

13:17:54.0138 6012 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

13:17:54.0185 6012 fdc - ok

13:17:54.0216 6012 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

13:17:54.0294 6012 fdPHost - ok

13:17:54.0310 6012 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

13:17:54.0388 6012 FDResPub - ok

13:17:54.0403 6012 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

13:17:54.0419 6012 FileInfo - ok

13:17:54.0450 6012 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

13:17:54.0528 6012 Filetrace - ok

13:17:54.0544 6012 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

13:17:54.0559 6012 flpydisk - ok

13:17:54.0637 6012 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

13:17:54.0668 6012 FltMgr - ok

13:17:54.0762 6012 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll

13:17:54.0871 6012 FontCache - ok

13:17:54.0965 6012 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

13:17:54.0996 6012 FontCache3.0.0.0 - ok

13:17:55.0043 6012 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

13:17:55.0058 6012 FsDepends - ok

13:17:55.0105 6012 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys

13:17:55.0152 6012 Fs_Rec - ok

13:17:55.0214 6012 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

13:17:55.0277 6012 fvevol - ok

13:17:55.0292 6012 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

13:17:55.0308 6012 gagp30kx - ok

13:17:55.0402 6012 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

13:17:55.0480 6012 gpsvc - ok

13:17:55.0589 6012 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

13:17:55.0604 6012 gupdate - ok

13:17:55.0620 6012 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

13:17:55.0636 6012 gupdatem - ok

13:17:55.0682 6012 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys

13:17:55.0729 6012 hamachi - ok

13:17:55.0760 6012 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

13:17:55.0823 6012 hcw85cir - ok

13:17:55.0963 6012 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

13:17:56.0010 6012 HdAudAddService - ok

13:17:56.0026 6012 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

13:17:56.0088 6012 HDAudBus - ok

13:17:56.0104 6012 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

13:17:56.0166 6012 HidBatt - ok

13:17:56.0213 6012 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

13:17:56.0260 6012 HidBth - ok

13:17:56.0291 6012 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

13:17:56.0338 6012 HidIr - ok

13:17:56.0384 6012 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll

13:17:56.0462 6012 hidserv - ok

13:17:56.0509 6012 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

13:17:56.0540 6012 HidUsb - ok

13:17:56.0587 6012 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

13:17:56.0696 6012 hkmsvc - ok

13:17:56.0759 6012 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

13:17:56.0852 6012 HomeGroupListener - ok

13:17:56.0930 6012 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

13:17:56.0977 6012 HomeGroupProvider - ok

13:17:56.0993 6012 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

13:17:57.0008 6012 HpSAMD - ok

13:17:57.0102 6012 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

13:17:57.0211 6012 HTTP - ok

13:17:57.0242 6012 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

13:17:57.0258 6012 hwpolicy - ok

13:17:57.0305 6012 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

13:17:57.0320 6012 i8042prt - ok

13:17:57.0383 6012 IAANTMON (7548066df68a8a1a56b043359f915f37) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

13:17:57.0430 6012 IAANTMON - ok

13:17:57.0461 6012 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys

13:17:57.0476 6012 iaStor - ok

13:17:57.0570 6012 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

13:17:57.0617 6012 iaStorV - ok

13:17:57.0788 6012 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

13:17:57.0820 6012 idsvc - ok

13:17:57.0882 6012 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

13:17:57.0913 6012 iirsp - ok

13:17:58.0038 6012 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

13:17:58.0116 6012 IKEEXT - ok

13:17:58.0272 6012 IntcAzAudAddService (b16fc828ce7a76a8f1ce682e6ead2627) C:\Windows\system32\drivers\RTKVHD64.sys

13:17:58.0412 6012 IntcAzAudAddService - ok

13:17:58.0537 6012 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

13:17:58.0553 6012 intelide - ok

13:17:58.0584 6012 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

13:17:58.0615 6012 intelppm - ok

13:17:58.0662 6012 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

13:17:58.0756 6012 IPBusEnum - ok

13:17:58.0818 6012 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

13:17:58.0849 6012 IpFilterDriver - ok

13:17:58.0943 6012 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll

13:17:59.0021 6012 iphlpsvc - ok

13:17:59.0036 6012 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

13:17:59.0083 6012 IPMIDRV - ok

13:17:59.0114 6012 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

13:17:59.0161 6012 IPNAT - ok

13:17:59.0192 6012 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

13:17:59.0317 6012 IRENUM - ok

13:17:59.0380 6012 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

13:17:59.0411 6012 isapnp - ok

13:17:59.0442 6012 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

13:17:59.0458 6012 iScsiPrt - ok

13:17:59.0473 6012 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

13:17:59.0489 6012 kbdclass - ok

13:17:59.0504 6012 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys

13:17:59.0551 6012 kbdhid - ok

13:17:59.0598 6012 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

13:17:59.0598 6012 KeyIso - ok

13:17:59.0629 6012 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys

13:17:59.0645 6012 KSecDD - ok

13:17:59.0676 6012 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys

13:17:59.0692 6012 KSecPkg - ok

13:17:59.0707 6012 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

13:17:59.0770 6012 ksthunk - ok

13:17:59.0848 6012 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

13:17:59.0926 6012 KtmRm - ok

13:17:59.0972 6012 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll

13:18:00.0035 6012 LanmanServer - ok

13:18:00.0113 6012 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

13:18:00.0175 6012 LanmanWorkstation - ok

13:18:00.0175 6012 Lbd - ok

13:18:00.0316 6012 LBTServ (7772dfab22611050b79504e671b06e6e) C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe

13:18:00.0347 6012 LBTServ - ok

13:18:00.0378 6012 LHidFilt (241f2648adf090e2a10095bd6d6f5dcb) C:\Windows\system32\DRIVERS\LHidFilt.Sys

13:18:00.0394 6012 LHidFilt - ok

13:18:00.0409 6012 libusb0 - ok

13:18:00.0425 6012 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

13:18:00.0518 6012 lltdio - ok

13:18:00.0565 6012 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

13:18:00.0596 6012 lltdsvc - ok

13:18:00.0628 6012 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

13:18:00.0659 6012 lmhosts - ok

13:18:00.0659 6012 LMouFilt (342ed5a4b3326014438f36d22d803737) C:\Windows\system32\DRIVERS\LMouFilt.Sys

13:18:00.0674 6012 LMouFilt - ok

13:18:00.0706 6012 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

13:18:00.0721 6012 LSI_FC - ok

13:18:00.0737 6012 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

13:18:00.0752 6012 LSI_SAS - ok

13:18:00.0768 6012 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

13:18:00.0784 6012 LSI_SAS2 - ok

13:18:00.0830 6012 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

13:18:00.0862 6012 LSI_SCSI - ok

13:18:00.0893 6012 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

13:18:00.0955 6012 luafv - ok

13:18:01.0018 6012 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys

13:18:01.0064 6012 MBAMProtector - ok

13:18:01.0236 6012 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

13:18:01.0298 6012 MBAMService - ok

13:18:01.0345 6012 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

13:18:01.0392 6012 Mcx2Svc - ok

13:18:01.0423 6012 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

13:18:01.0454 6012 megasas - ok

13:18:01.0470 6012 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

13:18:01.0501 6012 MegaSR - ok

13:18:01.0517 6012 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

13:18:01.0579 6012 MMCSS - ok

13:18:01.0610 6012 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

13:18:01.0657 6012 Modem - ok

13:18:01.0688 6012 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

13:18:01.0720 6012 monitor - ok

13:18:01.0782 6012 MotioninJoyXFilter (fc44ad48746ffa5fd640ef1260ab5ec2) C:\Windows\system32\DRIVERS\MijXfilt.sys

13:18:01.0798 6012 MotioninJoyXFilter - ok

13:18:01.0891 6012 MotoHelper (9dfd34e6841c460b5d992a1c5327ae69) C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe

13:18:01.0891 6012 MotoHelper - ok

13:18:01.0954 6012 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

13:18:01.0985 6012 mouclass - ok

13:18:02.0000 6012 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

13:18:02.0047 6012 mouhid - ok

13:18:02.0094 6012 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

13:18:02.0110 6012 mountmgr - ok

13:18:02.0234 6012 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

13:18:02.0266 6012 MozillaMaintenance - ok

13:18:02.0297 6012 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

13:18:02.0312 6012 mpio - ok

13:18:02.0344 6012 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

13:18:02.0375 6012 mpsdrv - ok

13:18:02.0484 6012 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll

13:18:02.0578 6012 MpsSvc - ok

13:18:02.0624 6012 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

13:18:02.0687 6012 MRxDAV - ok

13:18:02.0765 6012 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

13:18:02.0843 6012 mrxsmb - ok

13:18:02.0905 6012 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

13:18:02.0952 6012 mrxsmb10 - ok

13:18:02.0983 6012 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

13:18:03.0030 6012 mrxsmb20 - ok

13:18:03.0061 6012 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

13:18:03.0108 6012 msahci - ok

13:18:03.0124 6012 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

13:18:03.0139 6012 msdsm - ok

13:18:03.0170 6012 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

13:18:03.0217 6012 MSDTC - ok

13:18:03.0280 6012 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

13:18:03.0311 6012 Msfs - ok

13:18:03.0311 6012 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

13:18:03.0373 6012 mshidkmdf - ok

13:18:03.0389 6012 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

13:18:03.0404 6012 msisadrv - ok

13:18:03.0436 6012 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

13:18:03.0498 6012 MSiSCSI - ok

13:18:03.0498 6012 msiserver - ok

13:18:03.0529 6012 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

13:18:03.0592 6012 MSKSSRV - ok

13:18:03.0623 6012 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

13:18:03.0654 6012 MSPCLOCK - ok

13:18:03.0670 6012 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

13:18:03.0763 6012 MSPQM - ok

13:18:03.0826 6012 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

13:18:03.0872 6012 MsRPC - ok

13:18:03.0950 6012 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

13:18:03.0982 6012 mssmbios - ok

13:18:04.0013 6012 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

13:18:04.0075 6012 MSTEE - ok

13:18:04.0091 6012 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

13:18:04.0122 6012 MTConfig - ok

13:18:04.0153 6012 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

13:18:04.0169 6012 Mup - ok

13:18:04.0262 6012 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

13:18:04.0340 6012 napagent - ok

13:18:04.0387 6012 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

13:18:04.0450 6012 NativeWifiP - ok

13:18:04.0528 6012 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

13:18:04.0559 6012 NDIS - ok

13:18:04.0590 6012 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

13:18:04.0637 6012 NdisCap - ok

13:18:04.0652 6012 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

13:18:04.0684 6012 NdisTapi - ok

13:18:04.0730 6012 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

13:18:04.0777 6012 Ndisuio - ok

13:18:04.0824 6012 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

13:18:04.0886 6012 NdisWan - ok

13:18:04.0933 6012 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

13:18:04.0964 6012 NDProxy - ok

13:18:05.0120 6012 Nero BackItUp Scheduler 4.0 (7d2633295eb6ff2b938185874884059d) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

13:18:05.0167 6012 Nero BackItUp Scheduler 4.0 - ok

13:18:05.0198 6012 Net Driver HPZ12 (d5ac41ae382738483faffbd7e373d49a) C:\Windows\system32\HPZinw12.dll

13:18:05.0230 6012 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning

13:18:05.0230 6012 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)

13:18:05.0261 6012 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

13:18:05.0339 6012 NetBIOS - ok

13:18:05.0417 6012 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

13:18:05.0495 6012 NetBT - ok

13:18:05.0542 6012 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

13:18:05.0557 6012 Netlogon - ok

13:18:05.0604 6012 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

13:18:05.0682 6012 Netman - ok

13:18:05.0713 6012 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

13:18:05.0776 6012 netprofm - ok

13:18:05.0869 6012 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

13:18:05.0885 6012 NetTcpPortSharing - ok

13:18:06.0322 6012 NETw5s64 (4d85a450edef10c38882182753a49aae) C:\Windows\system32\DRIVERS\NETw5s64.sys

13:18:06.0556 6012 NETw5s64 - ok

13:18:07.0008 6012 netw5v64 (705283c02177809ca9fa7cc58a4f1e77) C:\Windows\system32\DRIVERS\netw5v64.sys

13:18:07.0195 6012 netw5v64 - ok

13:18:07.0304 6012 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

13:18:07.0336 6012 nfrd960 - ok

13:18:07.0398 6012 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

13:18:07.0476 6012 NlaSvc - ok

13:18:07.0507 6012 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

13:18:07.0554 6012 Npfs - ok

13:18:07.0570 6012 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

13:18:07.0601 6012 nsi - ok

13:18:07.0616 6012 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

13:18:07.0663 6012 nsiproxy - ok

13:18:07.0819 6012 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

13:18:07.0866 6012 Ntfs - ok

13:18:07.0991 6012 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

13:18:08.0053 6012 Null - ok

13:18:08.0100 6012 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

13:18:08.0116 6012 nvraid - ok

13:18:08.0162 6012 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

13:18:08.0178 6012 nvstor - ok

13:18:08.0240 6012 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

13:18:08.0256 6012 nv_agp - ok

13:18:08.0272 6012 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

13:18:08.0303 6012 ohci1394 - ok

13:18:08.0365 6012 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

13:18:08.0443 6012 p2pimsvc - ok

13:18:08.0506 6012 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

13:18:08.0537 6012 p2psvc - ok

13:18:08.0568 6012 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

13:18:08.0584 6012 Parport - ok

13:18:08.0646 6012 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys

13:18:08.0677 6012 partmgr - ok

13:18:08.0693 6012 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

13:18:08.0755 6012 PcaSvc - ok

13:18:08.0786 6012 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

13:18:08.0802 6012 pci - ok

13:18:08.0818 6012 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

13:18:08.0833 6012 pciide - ok

13:18:08.0864 6012 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

13:18:08.0880 6012 pcmcia - ok

13:18:08.0896 6012 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

13:18:08.0911 6012 pcw - ok

13:18:08.0958 6012 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

13:18:09.0052 6012 PEAUTH - ok

13:18:09.0176 6012 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll

13:18:09.0286 6012 PeerDistSvc - ok

13:18:09.0379 6012 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

13:18:09.0410 6012 PerfHost - ok

13:18:09.0629 6012 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

13:18:09.0722 6012 pla - ok

13:18:09.0800 6012 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

13:18:09.0894 6012 PlugPlay - ok

13:18:09.0925 6012 Pml Driver HPZ12 (37f6046cdc630442d7dc087501ff6fc6) C:\Windows\system32\HPZipm12.dll

13:18:09.0956 6012 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning

13:18:09.0956 6012 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)

13:18:09.0988 6012 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

13:18:10.0050 6012 PNRPAutoReg - ok

13:18:10.0097 6012 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

13:18:10.0128 6012 PNRPsvc - ok

13:18:10.0206 6012 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

13:18:10.0253 6012 PolicyAgent - ok

13:18:10.0315 6012 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

13:18:10.0378 6012 Power - ok

13:18:10.0456 6012 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

13:18:10.0518 6012 PptpMiniport - ok

13:18:10.0549 6012 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

13:18:10.0596 6012 Processor - ok

13:18:10.0643 6012 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll

13:18:10.0721 6012 ProfSvc - ok

13:18:10.0783 6012 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

13:18:10.0814 6012 ProtectedStorage - ok

13:18:10.0861 6012 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

13:18:10.0955 6012 Psched - ok

13:18:10.0970 6012 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys

13:18:10.0986 6012 PxHlpa64 - ok

13:18:11.0080 6012 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

13:18:11.0142 6012 ql2300 - ok

13:18:11.0267 6012 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

13:18:11.0282 6012 ql40xx - ok

13:18:11.0329 6012 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

13:18:11.0345 6012 QWAVE - ok

13:18:11.0376 6012 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

13:18:11.0407 6012 QWAVEdrv - ok

13:18:11.0438 6012 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

13:18:11.0516 6012 RasAcd - ok

13:18:11.0548 6012 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

13:18:11.0610 6012 RasAgileVpn - ok

13:18:11.0641 6012 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

13:18:11.0688 6012 RasAuto - ok

13:18:11.0735 6012 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

13:18:11.0813 6012 Rasl2tp - ok

13:18:11.0875 6012 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

13:18:11.0922 6012 RasMan - ok

13:18:11.0953 6012 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

13:18:12.0016 6012 RasPppoe - ok

13:18:12.0047 6012 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

13:18:12.0094 6012 RasSstp - ok

13:18:12.0156 6012 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

13:18:12.0203 6012 rdbss - ok

13:18:12.0218 6012 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

13:18:12.0265 6012 rdpbus - ok

13:18:12.0281 6012 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

13:18:12.0343 6012 RDPCDD - ok

13:18:12.0406 6012 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys

13:18:12.0452 6012 RDPDR - ok

13:18:12.0468 6012 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

13:18:12.0515 6012 RDPENCDD - ok

13:18:12.0546 6012 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

13:18:12.0593 6012 RDPREFMP - ok

13:18:12.0624 6012 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys

13:18:12.0686 6012 RDPWD - ok

13:18:12.0749 6012 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

13:18:12.0780 6012 rdyboost - ok

13:18:12.0889 6012 RegSrvc (3b71b5b91e7dca93585d5a86c897adc4) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

13:18:12.0920 6012 RegSrvc - ok

13:18:12.0952 6012 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

13:18:13.0014 6012 RemoteAccess - ok

13:18:13.0045 6012 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

13:18:13.0076 6012 RemoteRegistry - ok

13:18:13.0139 6012 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys

13:18:13.0201 6012 RFCOMM - ok

13:18:13.0232 6012 rimsptsk (258aadb43e3f3468b5cf8cb0f84872c2) C:\Windows\system32\DRIVERS\rimssn64.sys

13:18:13.0326 6012 rimsptsk - ok

13:18:13.0373 6012 RimUsb (5790bca445cc40df8b38c2c48608aac2) C:\Windows\system32\Drivers\RimUsb_AMD64.sys

13:18:13.0404 6012 RimUsb - ok

13:18:13.0435 6012 risdptsk (71e182a0de1cecb3f912960716345405) C:\Windows\system32\DRIVERS\risdsn64.sys

13:18:13.0498 6012 risdptsk - ok

13:18:13.0591 6012 Roxio UPnP Renderer 10 (d02e5a46f77c182ca1964080bcd586f7) C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe

13:18:13.0638 6012 Roxio UPnP Renderer 10 - ok

13:18:13.0669 6012 Roxio Upnp Server 10 (e5809597278802d09273ee07b5fc56e1) C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe

13:18:13.0685 6012 Roxio Upnp Server 10 - ok

13:18:13.0716 6012 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

13:18:13.0778 6012 RpcEptMapper - ok

13:18:13.0810 6012 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

13:18:13.0856 6012 RpcLocator - ok

13:18:13.0950 6012 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\System32\rpcss.dll

13:18:13.0997 6012 RpcSs - ok

13:18:14.0028 6012 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

13:18:14.0075 6012 rspndr - ok

13:18:14.0106 6012 RTHDMIAzAudService (34f05c417f038ffa3bef69b798d7d7dd) C:\Windows\system32\drivers\RtHDMIVX.sys

13:18:14.0200 6012 RTHDMIAzAudService - ok

13:18:14.0278 6012 RtkAudioService (01e6a1e53e39a0b1e2b6ae62bf52e8ec) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe

13:18:14.0293 6012 RtkAudioService - ok

13:18:14.0340 6012 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys

13:18:14.0418 6012 s3cap - ok

13:18:14.0496 6012 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

13:18:14.0543 6012 SamSs - ok

13:18:14.0621 6012 SbFw (cdb954c736d51dc5fa712c039af4f683) C:\Windows\system32\drivers\SbFw.sys

13:18:14.0652 6012 SbFw - ok

13:18:14.0683 6012 SBFWIMCL (5de22e3cb6140213da2e0599b08d525c) C:\Windows\system32\DRIVERS\sbfwim.sys

13:18:14.0699 6012 SBFWIMCL - ok

13:18:14.0699 6012 SBFWIMCLMP (5de22e3cb6140213da2e0599b08d525c) C:\Windows\system32\DRIVERS\SBFWIM.sys

13:18:14.0714 6012 SBFWIMCLMP - ok

13:18:14.0746 6012 sbhips (a5bc45f8c2f30350e7566799c86b2f5d) C:\Windows\system32\drivers\sbhips.sys

13:18:14.0746 6012 sbhips - ok

13:18:14.0808 6012 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

13:18:14.0855 6012 sbp2port - ok

13:18:14.0855 6012 SBRE - ok

13:18:14.0902 6012 SbTis (f9955774a6bf0a5ca696f591c7b80a79) C:\Windows\system32\drivers\sbtis.sys

13:18:14.0902 6012 SbTis - ok

13:18:14.0948 6012 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

13:18:15.0011 6012 SCardSvr - ok

13:18:15.0058 6012 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

13:18:15.0104 6012 scfilter - ok

13:18:15.0245 6012 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

13:18:15.0338 6012 Schedule - ok

13:18:15.0385 6012 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

13:18:15.0416 6012 SCPolicySvc - ok

13:18:15.0463 6012 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys

13:18:15.0510 6012 sdbus - ok

13:18:15.0572 6012 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

13:18:15.0666 6012 SDRSVC - ok

13:18:15.0682 6012 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

13:18:15.0728 6012 secdrv - ok

13:18:15.0775 6012 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

13:18:15.0806 6012 seclogon - ok

13:18:15.0838 6012 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll

13:18:15.0869 6012 SENS - ok

13:18:15.0884 6012 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

13:18:15.0900 6012 SensrSvc - ok

13:18:15.0931 6012 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

13:18:15.0962 6012 Serenum - ok

13:18:15.0978 6012 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

13:18:15.0994 6012 Serial - ok

13:18:16.0040 6012 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

13:18:16.0103 6012 sermouse - ok

13:18:16.0196 6012 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

13:18:16.0290 6012 SessionEnv - ok

13:18:16.0306 6012 SFEP (70f9c476b62de4f2823e918a6c181ade) C:\Windows\system32\DRIVERS\SFEP.sys

13:18:16.0337 6012 SFEP - ok

13:18:16.0352 6012 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

13:18:16.0399 6012 sffdisk - ok

13:18:16.0430 6012 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

13:18:16.0462 6012 sffp_mmc - ok

13:18:16.0493 6012 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

13:18:16.0524 6012 sffp_sd - ok

13:18:16.0571 6012 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

13:18:16.0602 6012 sfloppy - ok

13:18:16.0664 6012 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

13:18:16.0742 6012 SharedAccess - ok

13:18:16.0789 6012 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

13:18:16.0867 6012 ShellHWDetection - ok

13:18:16.0867 6012 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

13:18:16.0883 6012 SiSRaid2 - ok

13:18:16.0898 6012 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

13:18:16.0898 6012 SiSRaid4 - ok

13:18:16.0930 6012 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

13:18:16.0992 6012 Smb - ok

13:18:17.0039 6012 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

13:18:17.0086 6012 SNMPTRAP - ok

13:18:17.0117 6012 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

13:18:17.0117 6012 spldr - ok

13:18:17.0226 6012 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

13:18:17.0288 6012 Spooler - ok

13:18:17.0569 6012 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

13:18:17.0710 6012 sppsvc - ok

13:18:17.0850 6012 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

13:18:17.0959 6012 sppuinotify - ok

13:18:18.0084 6012 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys

13:18:18.0084 6012 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb

13:18:18.0084 6012 sptd ( LockedFile.Multi.Generic ) - warning

13:18:18.0084 6012 sptd - detected LockedFile.Multi.Generic (1)

13:18:18.0162 6012 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

13:18:18.0240 6012 srv - ok

13:18:18.0287 6012 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

13:18:18.0334 6012 srv2 - ok

13:18:18.0365 6012 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

13:18:18.0427 6012 srvnet - ok

13:18:18.0490 6012 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

13:18:18.0568 6012 SSDPSRV - ok

13:18:18.0614 6012 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

13:18:18.0646 6012 SstpSvc - ok

13:18:18.0724 6012 Steam Client Service - ok

13:18:18.0770 6012 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

13:18:18.0786 6012 stexstor - ok

13:18:18.0864 6012 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

13:18:18.0942 6012 stisvc - ok

13:18:18.0989 6012 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys

13:18:18.0989 6012 storflt - ok

13:18:19.0036 6012 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll

13:18:19.0067 6012 StorSvc - ok

13:18:19.0098 6012 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys

13:18:19.0114 6012 storvsc - ok

13:18:19.0129 6012 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

13:18:19.0145 6012 swenum - ok

13:18:19.0192 6012 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

13:18:19.0254 6012 swprv - ok

13:18:19.0394 6012 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

13:18:19.0488 6012 SysMain - ok

13:18:19.0691 6012 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

13:18:19.0722 6012 TabletInputService - ok

13:18:19.0753 6012 tandpl - ok

13:18:19.0784 6012 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

13:18:19.0847 6012 TapiSrv - ok

13:18:19.0894 6012 tbhsd (93f0f5ef8a4ca261372df98b31b2bd05) C:\Windows\system32\drivers\tbhsd.sys

13:18:19.0894 6012 tbhsd - ok

13:18:19.0925 6012 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

13:18:19.0972 6012 TBS - ok

13:18:20.0159 6012 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys

13:18:20.0237 6012 Tcpip - ok

13:18:20.0502 6012 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys

13:18:20.0549 6012 TCPIP6 - ok

13:18:20.0627 6012 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

13:18:20.0705 6012 tcpipreg - ok

13:18:20.0752 6012 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

13:18:20.0830 6012 TDPIPE - ok

13:18:20.0876 6012 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

13:18:20.0923 6012 TDTCP - ok

13:18:20.0970 6012 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

13:18:21.0017 6012 tdx - ok

13:18:21.0064 6012 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

13:18:21.0079 6012 TermDD - ok

13:18:21.0126 6012 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

13:18:21.0188 6012 TermService - ok

13:18:21.0235 6012 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

13:18:21.0313 6012 Themes - ok

13:18:21.0344 6012 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

13:18:21.0376 6012 THREADORDER - ok

13:18:21.0407 6012 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

13:18:21.0454 6012 TrkWks - ok

13:18:21.0547 6012 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

13:18:21.0594 6012 TrustedInstaller - ok

13:18:21.0656 6012 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

13:18:21.0734 6012 tssecsrv - ok

13:18:21.0781 6012 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

13:18:21.0812 6012 TsUsbFlt - ok

13:18:21.0859 6012 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

13:18:21.0937 6012 tunnel - ok

13:18:21.0968 6012 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

13:18:22.0000 6012 uagp35 - ok

13:18:22.0062 6012 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

13:18:22.0140 6012 udfs - ok

13:18:22.0187 6012 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

13:18:22.0202 6012 UI0Detect - ok

13:18:22.0265 6012 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

13:18:22.0296 6012 uliagpkx - ok

13:18:22.0312 6012 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys

13:18:22.0343 6012 umbus - ok

13:18:22.0390 6012 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

13:18:22.0436 6012 UmPass - ok

13:18:22.0483 6012 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll

13:18:22.0546 6012 UmRdpService - ok

13:18:22.0592 6012 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

13:18:22.0670 6012 upnphost - ok

13:18:22.0717 6012 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

13:18:22.0780 6012 usbccgp - ok

13:18:22.0811 6012 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

13:18:22.0826 6012 usbcir - ok

13:18:22.0858 6012 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys

13:18:22.0889 6012 usbehci - ok

13:18:22.0936 6012 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

13:18:22.0998 6012 usbhub - ok

13:18:23.0045 6012 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys

13:18:23.0060 6012 usbohci - ok

13:18:23.0076 6012 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

13:18:23.0123 6012 usbprint - ok

13:18:23.0201 6012 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

13:18:23.0232 6012 USBSTOR - ok

13:18:23.0263 6012 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys

13:18:23.0294 6012 usbuhci - ok

13:18:23.0388 6012 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys

13:18:23.0419 6012 usbvideo - ok

13:18:23.0450 6012 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

13:18:23.0482 6012 UxSms - ok

13:18:23.0575 6012 VAIO Event Service (6b31c9cb94927dbeeb62e15275f4cc54) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe

13:18:23.0591 6012 VAIO Event Service - ok

13:18:23.0684 6012 VAIO Power Management (2d6605c1f0bbd0f71a4cb3a5b1e07240) C:\Program Files\Sony\VAIO Power Management\SPMService.exe

13:18:23.0731 6012 VAIO Power Management - ok

13:18:23.0778 6012 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

13:18:23.0794 6012 VaultSvc - ok

13:18:23.0840 6012 VBTUSB (70a90412f0ae18021794a0754c2d6299) C:\Windows\system32\Drivers\VBTUSB.sys

13:18:23.0950 6012 VBTUSB ( UnsignedFile.Multi.Generic ) - warning

13:18:23.0950 6012 VBTUSB - detected UnsignedFile.Multi.Generic (1)

13:18:24.0012 6012 VCService (d347d3abe070aa09c22fc37121555d52) C:\Program Files\Sony\VAIO Care\VCService.exe

13:18:24.0043 6012 VCService - ok

13:18:24.0090 6012 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

13:18:24.0106 6012 vdrvroot - ok

13:18:24.0199 6012 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

13:18:24.0262 6012 vds - ok

13:18:24.0308 6012 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

13:18:24.0324 6012 vga - ok

13:18:24.0340 6012 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

13:18:24.0402 6012 VgaSave - ok

13:18:24.0433 6012 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

13:18:24.0449 6012 vhdmp - ok

13:18:24.0464 6012 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

13:18:24.0480 6012 viaide - ok

13:18:24.0511 6012 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys

13:18:24.0527 6012 vmbus - ok

13:18:24.0542 6012 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys

13:18:24.0574 6012 VMBusHID - ok

13:18:24.0636 6012 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

13:18:24.0667 6012 volmgr - ok

13:18:24.0745 6012 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

13:18:24.0792 6012 volmgrx - ok

13:18:24.0823 6012 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

13:18:24.0839 6012 volsnap - ok

13:18:24.0870 6012 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

13:18:24.0886 6012 vsmraid - ok

13:18:25.0042 6012 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

13:18:25.0120 6012 VSS - ok

13:18:25.0416 6012 vToolbarUpdater11.2.0 (8ed347bad8d1fb7c40b593bfb01786d2) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe

13:18:25.0447 6012 vToolbarUpdater11.2.0 - ok

13:18:25.0619 6012 VUAgent (d62d16e057be87f5b84a54d1b83822c4) C:\Program Files\Sony\VAIO Update Common\VUAgent.exe

13:18:25.0666 6012 VUAgent - ok

13:18:25.0759 6012 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

13:18:25.0822 6012 vwifibus - ok

13:18:25.0868 6012 VWiFiFlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

13:18:25.0900 6012 VWiFiFlt - ok

13:18:25.0915 6012 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys

13:18:25.0931 6012 vwifimp - ok

13:18:25.0978 6012 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

13:18:26.0009 6012 W32Time - ok

13:18:26.0040 6012 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

13:18:26.0056 6012 WacomPen - ok

13:18:26.0102 6012 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

13:18:26.0165 6012 WANARP - ok

13:18:26.0165 6012 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

13:18:26.0196 6012 Wanarpv6 - ok

13:18:26.0321 6012 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

13:18:26.0368 6012 WatAdminSvc - ok

13:18:26.0524 6012 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

13:18:26.0586 6012 wbengine - ok

13:18:26.0726 6012 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

13:18:26.0758 6012 WbioSrvc - ok

13:18:26.0836 6012 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

13:18:26.0882 6012 wcncsvc - ok

13:18:26.0914 6012 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

13:18:26.0992 6012 WcsPlugInService - ok

13:18:27.0023 6012 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

13:18:27.0038 6012 Wd - ok

13:18:27.0085 6012 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

13:18:27.0116 6012 Wdf01000 - ok

13:18:27.0132 6012 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

13:18:27.0179 6012 WdiServiceHost - ok

13:18:27.0194 6012 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

13:18:27.0210 6012 WdiSystemHost - ok

13:18:27.0288 6012 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

13:18:27.0350 6012 WebClient - ok

13:18:27.0397 6012 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

13:18:27.0475 6012 Wecsvc - ok

13:18:27.0491 6012 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

13:18:27.0553 6012 wercplsupport - ok

13:18:27.0584 6012 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

13:18:27.0631 6012 WerSvc - ok

13:18:27.0678 6012 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

13:18:27.0709 6012 WfpLwf - ok

13:18:27.0725 6012 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

13:18:27.0740 6012 WIMMount - ok

13:18:27.0772 6012 WinDefend - ok

13:18:27.0787 6012 WinHttpAutoProxySvc - ok

13:18:27.0850 6012 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

13:18:27.0928 6012 Winmgmt - ok

13:18:28.0130 6012 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

13:18:28.0224 6012 WinRM - ok

13:18:28.0427 6012 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

13:18:28.0458 6012 WinUsb - ok

13:18:28.0552 6012 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

13:18:28.0598 6012 Wlansvc - ok

13:18:28.0676 6012 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

13:18:28.0708 6012 wlcrasvc - ok

13:18:28.0973 6012 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

13:18:29.0035 6012 wlidsvc - ok

13:18:29.0160 6012 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

13:18:29.0222 6012 WmiAcpi - ok

13:18:29.0363 6012 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

13:18:29.0425 6012 wmiApSrv - ok

13:18:29.0472 6012 WMPNetworkSvc - ok

13:18:29.0488 6012 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

13:18:29.0519 6012 WPCSvc - ok

13:18:29.0597 6012 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

13:18:29.0644 6012 WPDBusEnum - ok

13:18:29.0675 6012 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

13:18:29.0737 6012 ws2ifsl - ok

13:18:29.0768 6012 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll

13:18:29.0815 6012 wscsvc - ok

13:18:29.0878 6012 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys

13:18:29.0893 6012 WSDPrintDevice - ok

13:18:29.0909 6012 WSearch - ok

13:18:30.0143 6012 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll

13:18:30.0236 6012 wuauserv - ok

13:18:30.0377 6012 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

13:18:30.0470 6012 WudfPf - ok

13:18:30.0486 6012 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

13:18:30.0548 6012 WUDFRd - ok

13:18:30.0595 6012 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

13:18:30.0626 6012 wudfsvc - ok

13:18:30.0673 6012 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

13:18:30.0736 6012 WwanSvc - ok

13:18:30.0814 6012 xusb21 (2ee48cfce7ca8e0db4c44c7476c0943b) C:\Windows\system32\DRIVERS\xusb21.sys

13:18:30.0892 6012 xusb21 - ok

13:18:30.0938 6012 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys

13:18:30.0970 6012 yukonw7 - ok

13:18:31.0032 6012 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0

13:18:31.0453 6012 \Device\Harddisk0\DR0 - ok

13:18:31.0453 6012 Boot (0x1200) (d33c997ce3d1a55376d5734ddcb4838c) \Device\Harddisk0\DR0\Partition0

13:18:31.0453 6012 \Device\Harddisk0\DR0\Partition0 - ok

13:18:31.0500 6012 Boot (0x1200) (37745fa2343d91ed0c606d16c70b0c07) \Device\Harddisk0\DR0\Partition1

13:18:31.0500 6012 \Device\Harddisk0\DR0\Partition1 - ok

13:18:31.0500 6012 ============================================================

13:18:31.0500 6012 Scan finished

13:18:31.0500 6012 ============================================================

13:18:31.0516 3968 Detected object count: 4

13:18:31.0516 3968 Actual detected object count: 4

13:28:17.0413 3968 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user

13:28:17.0413 3968 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip

13:28:17.0413 3968 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user

13:28:17.0413 3968 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip

13:28:17.0413 3968 sptd ( LockedFile.Multi.Generic ) - skipped by user

13:28:17.0413 3968 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

13:28:17.0413 3968 VBTUSB ( UnsignedFile.Multi.Generic ) - skipped by user

13:28:17.0413 3968 VBTUSB ( UnsignedFile.Multi.Generic ) - User select action: Skip

13:32:04.0176 1692 Deinitialize success

This topic is now closed to further replies.